Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information:
dependency-check version: 3.3.2
Report Generated On: Nov 20, 2018 at 20:06:13 +08:00
Dependencies Scanned: 351 (278 unique)
Vulnerable Dependencies: 43
Vulnerabilities Found: 258
Vulnerabilities Suppressed: 2
...
NVD CVE 2002: 17/11/2018 16:52:50
NVD CVE 2003: 15/11/2018 17:02:52
NVD CVE 2004: 31/10/2018 06:50:04
NVD CVE 2005: 15/11/2018 17:02:07
NVD CVE 2006: 15/11/2018 16:59:57
NVD CVE 2007: 15/11/2018 16:56:40
NVD CVE 2008: 19/11/2018 19:38:03
NVD CVE 2009: 17/11/2018 16:50:04
NVD CVE 2010: 17/11/2018 16:47:04
NVD CVE 2011: 17/11/2018 16:43:13
NVD CVE 2012: 17/11/2018 16:38:20
NVD CVE 2013: 17/11/2018 16:35:03
NVD CVE 2014: 17/11/2018 16:31:41
NVD CVE 2015: 17/11/2018 16:27:35
NVD CVE 2016: 17/11/2018 16:23:34
NVD CVE 2017: 17/11/2018 16:17:58
NVD CVE 2018: 19/11/2018 19:38:02
NVD CVE Checked: 20/11/2018 20:05:34
NVD CVE Modified: 20/11/2018 19:24:34
VersionCheckOn: 1542629390450

Dependencies

stax-utils-20060502.jar
License: BSD: https://stax-utils.dev.java.net/source/browse/*checkout*/stax-utils/LICENSE
File Path: /Users/Kevin/.m2/repository/net/java/dev/stax-utils/stax-utils/20060502/stax-utils-20060502.jar
MD5: 6af71b7f47537a53c5adf70423a8fbfc
SHA1: 66fad5029732305ab7863c140eafd9de4972dd34
SHA256: ecafb82b24e0960a2ca360a91101c49d59ecd6b597a05e6150e0d2697b3547af
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | jar | package name | staxutils | Low
Vendor | pom | artifactid | stax-utils | Low
Vendor | jar | package name | javanet | Low
Vendor | pom | groupid | net.java.dev.stax-utils | Highest
Vendor | pom | url | http://stax-utils.dev.java.net/ | Highest
Vendor | file | name | stax-utils-20060502 | High
Product | pom | groupid | net.java.dev.stax-utils | Low
Product | pom | url | http://stax-utils.dev.java.net/ | Medium
Product | jar | package name | staxutils | Low
Product | pom | artifactid | stax-utils | Highest
Product | file | name | stax-utils-20060502 | High
Version | pom | version | 20060502 | Highest
Version | file | version | 20060502 | Medium
maven: net.java.dev.stax-utils:stax-utils:20060502 Confidence: Highest

stax-api-1.0.1.jar
Description: StAX API is the standard java XML processing API defined by JSR-173
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/stax/stax-api/1.0.1/stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
SHA256: d1968436fc216c901fb9b82c7e878b50fd1d30091676da95b2edd3a9c0ccf92e
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | StAX API | High
Vendor | Manifest | specification-vendor | JCP-173 | Low
Vendor | file | name | stax-api | High
Vendor | pom | artifactid | stax-api | Low
Vendor | pom | url | http://stax.codehaus.org/ | Highest
Vendor | pom | groupid | stax | Highest
Vendor | Manifest | Implementation-Vendor | JCP | High
Vendor | pom | description | StAX API is the standard java XML processing API defined by JSR-173 | Medium
Product | Manifest | specification-title | StAX | Medium
Product | pom | name | StAX API | High
Product | pom | groupid | stax | Low
Product | file | name | stax-api | High
Product | pom | url | http://stax.codehaus.org/ | Medium
Product | pom | artifactid | stax-api | Highest
Product | Manifest | Implementation-Title | StAX 1.0 API | High
Product | pom | description | StAX API is the standard java XML processing API defined by JSR-173 | Medium
Version | file | version | 1.0.1 | Highest
Version | pom | version | 1.0.1 | Highest
Version | Manifest | Implementation-Version | 1.0.1 | High
maven: stax:stax-api:1.0.1 Confidence: Highest

maven-scm-api-1.1.jar
Description: The SCM API provides mechanisms to manage all SCM tools.
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-api/1.1/maven-scm-api-1.1.jar
MD5: 0f6531ffdf68a04468ab6a9d8a9b3f08
SHA1: eb12ceb959edaae4e157fe3337e2b3cbc94f27d4
SHA256: 6310020460a9c9cc37b88355874e573f4dbeb11ff91745a0c5c17f7bd16b6006
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.maven.scm | Highest
Vendor | pom | artifactid | maven-scm-api | Low
Vendor | pom | parent-artifactid | maven-scm | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven.scm | Medium
Vendor | file | name | maven-scm-api | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | parent-groupid | org.apache.maven.scm | Medium
Vendor | pom | name | Maven SCM API | High
Vendor | pom | description | The SCM API provides mechanisms to manage all SCM tools. | Medium
Vendor | pom | groupid | apache.maven.scm | Highest
Product | Manifest | specification-title | Maven SCM API | Medium
Product | pom | parent-artifactid | maven-scm | Medium
Product | Manifest | Implementation-Title | Maven SCM API | High
Product | pom | groupid | apache.maven.scm | Low
Product | file | name | maven-scm-api | High
Product | pom | artifactid | maven-scm-api | Highest
Product | pom | parent-groupid | org.apache.maven.scm | Low
Product | pom | name | Maven SCM API | High
Product | pom | description | The SCM API provides mechanisms to manage all SCM tools. | Medium
Version | pom | version | 1.1 | Highest
Version | Manifest | Implementation-Version | 1.1 | High
Version | file | version | 1.1 | Highest
maven: org.apache.maven.scm:maven-scm-api:1.1 Confidence: Highest

aopalliance-1.0.jar
Description: AOP Alliance
License: Public Domain
File Path: /Users/Kevin/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256: 0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | jar | package name | intercept | Low
Vendor | pom | name | AOP alliance | High
Vendor | pom | url | http://aopalliance.sourceforge.net | Highest
Vendor | pom | description | AOP Alliance | Medium
Vendor | pom | artifactid | aopalliance | Low
Vendor | pom | groupid | aopalliance | Highest
Vendor | file | name | aopalliance | High
Vendor | jar | package name | aopalliance | Low
Product | jar | package name | intercept | Low
Product | pom | artifactid | aopalliance | Highest
Product | pom | name | AOP alliance | High
Product | pom | description | AOP Alliance | Medium
Product | file | name | aopalliance | High
Product | pom | groupid | aopalliance | Low
Product | pom | url | http://aopalliance.sourceforge.net | Medium
Version | file | version | 1.0 | Highest
Version | pom | version | 1.0 | Highest
maven: aopalliance:aopalliance:1.0 Confidence: Highest

spring-core-2.5.6.jar
Description: Spring Framework: Core
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/springframework/spring-core/2.5.6/spring-core-2.5.6.jar
MD5: 378db2cc1fbdd9ed05dff2dc1023963e
SHA1: c450bc49099430e13d21548d1e3d1a564b7e35e9
SHA256: cf37656069488043c47f49a5520bb06d6879b63ef6044abb200c51a7ff2d6c49
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-symbolicname | org.springframework.core | Medium
Vendor | pom | description | Spring Framework: Core | Medium
Vendor | hint analyzer | vendor | vmware | High
Vendor | pom | name | Spring Framework: Core | High
Vendor | hint analyzer | vendor | pivotal software | High
Vendor | hint analyzer | vendor | SpringSource | High
Vendor | file | name | spring-core | High
Vendor | pom | organization url | http://www.springframework.org/ | Medium
Vendor | pom | artifactid | spring-core | Low
Vendor | pom | organization name | Spring Framework | High
Vendor | pom | url | http://www.springframework.org | Highest
Vendor | pom | groupid | springframework | Highest
Vendor | pom | groupid | org.springframework | Highest
Product | Manifest | bundle-symbolicname | org.springframework.core | Medium
Product | pom | organization name | Spring Framework | Low
Product | pom | description | Spring Framework: Core | Medium
Product | Manifest | Bundle-Name | Spring Core | Medium
Product | pom | groupid | springframework | Low
Product | pom | url | http://www.springframework.org | Medium
Product | Manifest | Implementation-Title | Spring Framework | High
Product | pom | name | Spring Framework: Core | High
Product | pom | organization url | http://www.springframework.org/ | Low
Product | pom | artifactid | spring-core | Highest
Product | file | name | spring-core | High
Product | hint analyzer | product | springsource_spring_framework | High
Version | pom | version | 2.5.6 | Highest
Version | file | version | 2.5.6 | Highest
Version | Manifest | Implementation-Version | 2.5.6 | High
Related Dependencies
spring-context-2.5.6.jar
File Path: /Users/Kevin/.m2/repository/org/springframework/spring-context/2.5.6/spring-context-2.5.6.jar
MD5: 2877336fffe22b40c7d20b91e4c0e7db
SHA1: 983416e612875bdcf877dad4c9d5d77ae37e06ee
SHA256: 785f140e349c77c88e0d7f6a2df64e77704c295b681e0d6afb3b1ff2f6c97cf7
cpe: cpe:/a:springsource:spring_framework:2.5.6
spring-beans-2.5.6.jar
File Path: /Users/Kevin/.m2/repository/org/springframework/spring-beans/2.5.6/spring-beans-2.5.6.jar
MD5: 25c0752852205167af8f31a1eb019975
SHA1: 449ea46b27426eb846611a90b2fb8b4dcf271191
SHA256: d33246bb33527685d04f23536ebf91b06ad7fa8b371fcbeb12f01523eb610104
cpe: cpe:/a:springsource:spring_framework:2.5.6
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.6 Confidence: Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.6 Confidence: Low
cpe: cpe:/a:springsource:spring_framework:2.5.6 Confidence: Highest
cpe: cpe:/a:pivotal:spring_framework:2.5.6 Confidence: Low
maven: org.springframework:spring-core:2.5.6 Confidence: Highest
Published Vulnerabilities
CVE-2010-1622
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.

CVE-2011-2730
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

CVE-2013-4152
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

CVE-2013-6429
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

CVE-2013-7315
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

CVE-2014-0054
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

CVE-2014-1904
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

CVE-2016-9878
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

CVE-2018-1270
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

CVE-2018-1271
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.

CVE-2018-1272
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.

plexus-spring-1.2.jar
Description: Bridge utility to use plexus components in a SpringFramework context.
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-spring/1.2/plexus-spring-1.2.jar
MD5: f685d843ac463248f6d9021b844b27fe
SHA1: 3b81c51438e5c0a8bc5461041202d5647d13f8aa
SHA256: bd664b9e7dc1e8a4074b46a4a226522cd5fca18f049eff9ccf370db58eab278c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.codehaus.plexus | Highest
Vendor | pom | parent-groupid | org.codehaus.plexus | Medium
Vendor | file | name | plexus-spring | High
Vendor | jar | package name | codehaus | Low
Vendor | pom | artifactid | plexus-spring | Low
Vendor | jar | package name | plexus | Low
Vendor | pom | name | Plexus to Spring Adapter | High
Vendor | pom | groupid | codehaus.plexus | Highest
Vendor | pom | parent-artifactid | plexus-components | Low
Vendor | jar | package name | spring | Low
Vendor | pom | description | Bridge utility to use plexus components in a SpringFramework context. | Medium
Product | pom | groupid | codehaus.plexus | Low
Product | pom | parent-groupid | org.codehaus.plexus | Low
Product | file | name | plexus-spring | High
Product | jar | package name | plexus | Low
Product | pom | name | Plexus to Spring Adapter | High
Product | pom | artifactid | plexus-spring | Highest
Product | pom | parent-artifactid | plexus-components | Medium
Product | jar | package name | spring | Low
Product | pom | description | Bridge utility to use plexus components in a SpringFramework context. | Medium
Version | pom | version | 1.2 | Highest
Version | file | version | 1.2 | Highest
maven: org.codehaus.plexus:plexus-spring:1.2 Confidence: Highest

geronimo-spec-jta-1.0.1B-rc2.jar
File Path: /Users/Kevin/.m2/repository/geronimo-spec/geronimo-spec-jta/1.0.1B-rc2/geronimo-spec-jta-1.0.1B-rc2.jar
MD5: d30af655d27dc060e0060caed2e8c398
SHA1: 3f4da55af12c3f8b1b36bc411d1915733b52cddc
SHA256: 06dc7662747c495d8469aa35eda1d3c46b3c0eb0441f03809b6aa68537e4e1b5
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | geronimo-spec-jta | High
Vendor | pom | groupid | geronimo-spec | Highest
Vendor | Manifest | extension-name | geronimo-spec-jta | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | pom | artifactid | geronimo-spec-jta | Low
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Product | file | name | geronimo-spec-jta | High
Product | Manifest | extension-name | geronimo-spec-jta | Medium
Product | pom | artifactid | geronimo-spec-jta | Highest
Product | Manifest | Implementation-Title | javax.transaction | High
Product | Manifest | specification-title | | Medium
Product | pom | groupid | geronimo-spec | Low
Version | pom | version | 1.0.1B-rc2 | Highest
Version | Manifest | Implementation-Version | 1.0.1B-rc2 | High
Published Vulnerabilities
CVE-2008-0732
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.

CVE-2011-5034
Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.

jdo2-api-2.0.jar
Description: The Java Data Objects 2.0 (JDO) API is a standard interface-based Java model abstraction of persistence, developed as Java Specification Request 243 under the auspices of the Java Community Process.
File Path: /Users/Kevin/.m2/repository/javax/jdo/jdo2-api/2.0/jdo2-api-2.0.jar
MD5: 5449e46a8f13c0788b8811ffd231c45f
SHA1: b7e19cbd9b2be71442b21c36847a7434d30d6886
SHA256: 7462ac58a3ad8a2511cceabe3f98b94a15f087a4322baa4372a5478b480fb908
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | javax.jdo | Highest
Vendor | pom | artifactid | jdo2-api | Low
Vendor | pom | description | The Java Data Objects 2.0 (JDO) API is a standard interface-based Java model abstraction of persistence, developed as Java Specification Request 243 under the auspices of the Java Community Process. | Low
Vendor | Manifest | extension-name | jdo2-api | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | pom | name | JDO2 API | High
Vendor | file | name | jdo2-api | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Product | Manifest | Implementation-Title | javax.jdo | High
Product | pom | description | The Java Data Objects 2.0 (JDO) API is a standard interface-based Java model abstraction of persistence, developed as Java Specification Request 243 under the auspices of the Java Community Process. | Low
Product | Manifest | extension-name | jdo2-api | Medium
Product | pom | groupid | javax.jdo | Low
Product | pom | artifactid | jdo2-api | Highest
Product | pom | name | JDO2 API | High
Product | file | name | jdo2-api | High
Product | Manifest | specification-title | Java Data Objects 2.0 (JDO) API | Medium
Version | pom | version | 2.0 | Highest
Version | Manifest | Implementation-Version | 2.0 | High
Version | file | version | 2.0 | Highest
maven: javax.jdo:jdo2-api:2.0 Confidence: Highest

plexus-jdo2-1.0-alpha-8.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-jdo2/1.0-alpha-8/plexus-jdo2-1.0-alpha-8.jar
MD5: 7ed55617340fb8b1448c763fdeffb096
SHA1: 9f9ff7efefa282a0108624c4e4626e1b92c13646
SHA256: 5c15529d5f45621844f60c7d86c6529c1bc1477ddfaf53fd52e509f3a57ead30
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Plexus JDO Component | High
Vendor | pom | groupid | org.codehaus.plexus | Highest
Vendor | pom | parent-groupid | org.codehaus.plexus | Medium
Vendor | jar | package name | jdo | Low
Vendor | pom | artifactid | plexus-jdo2 | Low
Vendor | jar | package name | codehaus | Low
Vendor | jar | package name | plexus | Low
Vendor | file | name | plexus-jdo2 | High
Vendor | pom | groupid | codehaus.plexus | Highest
Vendor | pom | parent-artifactid | plexus-components | Low
Product | pom | name | Plexus JDO Component | High
Product | jar | package name | jdo | Low
Product | pom | groupid | codehaus.plexus | Low
Product | pom | parent-groupid | org.codehaus.plexus | Low
Product | jar | package name | plexus | Low
Product | file | name | plexus-jdo2 | High
Product | pom | parent-artifactid | plexus-components | Medium
Product | pom | artifactid | plexus-jdo2 | Highest
Version | pom | version | 1.0-alpha-8 | Highest
Version | pom | parent-version | 1.0-alpha-8 | Low
Version | file | version | 1.0.alpha | Highest
Version | file | name | plexus-jdo2 | Medium
maven: org.codehaus.plexus:plexus-jdo2:1.0-alpha-8 Confidence: Highest

maven-settings-2.0.9.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar
MD5: 6a19eb17efdb4e0c1dd65c32e87b1019
SHA1: ab8d338c00fab0db29af358ab0676c3c02d7329f
SHA256: 1e5c98ebc4b9ae1f2c8d843c1dd9701a1c25b9afaff143c3e1fa4d90c22850fe
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-artifactid | maven | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven | Medium
Vendor | pom | groupid | apache.maven | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | file | name | maven-settings | High
Vendor | pom | artifactid | maven-settings | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | org.apache.maven | Highest
Vendor | pom | parent-groupid | org.apache.maven | Medium
Vendor | pom | name | Maven Local Settings Model | High
Product | pom | artifactid | maven-settings | Highest
Product | Manifest | Implementation-Title | Maven Local Settings Model | High
Product | file | name | maven-settings | High
Product | Manifest | specification-title | Maven Local Settings Model | Medium
Product | pom | parent-artifactid | maven | Medium
Product | pom | groupid | apache.maven | Low
Product | pom | parent-groupid | org.apache.maven | Low
Product | pom | name | Maven Local Settings Model | High
Version | pom | version | 2.0.9 | Highest
Version | Manifest | Implementation-Version | 2.0.9 | High
Version | file | version | 2.0.9 | Highest
maven: org.apache.maven:maven-settings:2.0.9 Confidence: Highest

maven-profile-2.0.9.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar
MD5: e1478a4633fef786e33e2717681fe199
SHA1: 0b9b02df9134bff9edb4f4e1624243d005895234
SHA256: 88fe952eaf4e28da0533ceef5d8e9b7fc9f09f7f825ab342130bf4b8c3805664
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-artifactid | maven | Low
Vendor | file | name | maven-profile | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven | Medium
Vendor | pom | name | Maven Profile Model | High
Vendor | pom | groupid | apache.maven | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | maven-profile | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | org.apache.maven | Highest
Vendor | pom | parent-groupid | org.apache.maven | Medium
Product | pom | artifactid | maven-profile | Highest
Product | file | name | maven-profile | High
Product | Manifest | Implementation-Title | Maven Profile Model | High
Product | pom | name | Maven Profile Model | High
Product | Manifest | specification-title | Maven Profile Model | Medium
Product | pom | parent-artifactid | maven | Medium
Product | pom | groupid | apache.maven | Low
Product | pom | parent-groupid | org.apache.maven | Low
Version | pom | version | 2.0.9 | Highest
Version | Manifest | Implementation-Version | 2.0.9 | High
Version | file | version | 2.0.9 | Highest
maven: org.apache.maven:maven-profile:2.0.9 Confidence: Highest

maven-plugin-registry-2.0.9.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar
MD5: 1f00b6993350f474c5ba3d2f216454f9
SHA1: a7172a87a7cb901cf6df4df9fd89a3c2d3f8a770
SHA256: 5e6cc5d0501c8d9b9abf9605283e95733b9428c9033a079502cd4d97cd0c490e
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Maven Plugin Registry Model | High
Vendor | pom | parent-artifactid | maven | Low
Vendor | file | name | maven-plugin-registry | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven | Medium
Vendor | pom | groupid | apache.maven | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | maven-plugin-registry | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | org.apache.maven | Highest
Vendor | pom | parent-groupid | org.apache.maven | Medium
Product | Manifest | specification-title | Maven Plugin Registry Model | Medium
Product | pom | artifactid | maven-plugin-registry | Highest
Product | pom | name | Maven Plugin Registry Model | High
Product | file | name | maven-plugin-registry | High
Product | Manifest | Implementation-Title | Maven Plugin Registry Model | High
Product | pom | parent-artifactid | maven | Medium
Product | pom | groupid | apache.maven | Low
Product | pom | parent-groupid | org.apache.maven | Low
Version | pom | version | 2.0.9 | Highest
Version | Manifest | Implementation-Version | 2.0.9 | High
Version | file | version | 2.0.9 | Highest
maven: org.apache.maven:maven-plugin-registry:2.0.9 Confidence: Highest

maven-project-2.0.9.jar
Description: This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required.
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar
MD5: 5f83007173bd07249b00420ebbd813b0
SHA1: 30ec37813df5a212888a1f3df0b27497ecef4ad8
SHA256: c82db125f53716f59008e3214063869717a976bf857879de6d4092c73cdc7e12
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | maven-project | High
Vendor | pom | parent-artifactid | maven | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven | Medium
Vendor | pom | groupid | apache.maven | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | org.apache.maven | Highest
Vendor | pom | description | This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required. | Low
Vendor | pom | parent-groupid | org.apache.maven | Medium
Vendor | pom | artifactid | maven-project | Low
Vendor | pom | name | Maven Project Builder | High
Product | file | name | maven-project | High
Product | Manifest | Implementation-Title | Maven Project Builder | High
Product | pom | artifactid | maven-project | Highest
Product | pom | parent-artifactid | maven | Medium
Product | pom | groupid | apache.maven | Low
Product | Manifest | specification-title | Maven Project Builder | Medium
Product | pom | description | This library is used to not only read Maven project object model files, but to assemble inheritence and to retrieve remote models as required. | Low
Product | pom | parent-groupid | org.apache.maven | Low
Product | pom | name | Maven Project Builder | High
Version | pom | version | 2.0.9 | Highest
Version | Manifest | Implementation-Version | 2.0.9 | High
Version | file | version | 2.0.9 | Highest
maven: org.apache.maven:maven-project:2.0.9 Confidence: Highest

maven-model-2.0.9.jar
Description: Maven Model
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar
MD5: 05fc405395b7dfdd0300929fb2a16bf2
SHA1: 9fb844625928dd992842e180853fbb2b197c9a9d
SHA256: 87083dd97721542f2745eede587fbb6cb1aef2b395f46c2bd578c6d9d7b63521
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-artifactid | maven | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven | Medium
Vendor | pom | groupid | apache.maven | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | maven-model | Low
Vendor | pom | description | Maven Model | Medium
Vendor | file | name | maven-model | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Maven Model | High
Vendor | pom | groupid | org.apache.maven | Highest
Vendor | pom | parent-groupid | org.apache.maven | Medium
Product | Manifest | Implementation-Title | Maven Model | High
Product | pom | description | Maven Model | Medium
Product | Manifest | specification-title | Maven Model | Medium
Product | file | name | maven-model | High
Product | pom | name | Maven Model | High
Product | pom | parent-artifactid | maven | Medium
Product | pom | groupid | apache.maven | Low
Product | pom | artifactid | maven-model | Highest
Product | pom | parent-groupid | org.apache.maven | Low
Version | pom | version | 2.0.9 | Highest
Version | Manifest | Implementation-Version | 2.0.9 | High
Version | file | version | 2.0.9 | Highest
maven: org.apache.maven:maven-model:2.0.9 Confidence: Highest

maven-artifact-2.0.9.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar
MD5: c6f1bcc526bc0958dee6cd0fbc9a8dbe
SHA1: 66f0c8baa789fffdf54924cf395b26bbc2130435
SHA256: 0b16842a33350f5478c4c717bf664251c27459ec5c0b8d0ca4d0050545aba48b
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | maven-artifact | High
Vendor | pom | parent-artifactid | maven | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.maven | Medium
Vendor | pom | artifactid | maven-artifact | Low
Vendor | pom | groupid | apache.maven | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Maven Artifact | High
Vendor | pom | groupid | org.apache.maven | Highest
Vendor | pom | parent-groupid | org.apache.maven | Medium
Product | file | name | maven-artifact | High
Product | Manifest | Implementation-Title | Maven Artifact | High
Product | Manifest | specification-title | Maven Artifact | Medium
Product | pom | name | Maven Artifact | High
Product | pom | parent-artifactid | maven | Medium
Product | pom | artifactid | maven-artifact | Highest
Product | pom | groupid | apache.maven | Low
Product | pom | parent-groupid | org.apache.maven | Low
Version | pom | version | 2.0.9 | Highest
Version | Manifest | Implementation-Version | 2.0.9 | High
Version | file | version | 2.0.9 | Highest
maven: org.apache.maven:maven-artifact:2.0.9 Confidence: Highest

maven-repository-metadata-2.0.9.jar
Description: Maven Plugin Mapping
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar
MD5: 566d26822d3f3fc8e6a884cd6809d70e
SHA1: dd79022a827b1d577865d5c97f8ad0c7d6b067b7
SHA256: 2c302f060de887716be438e0eb0c3d89d7ece213631882446ee0b19880c00dbd
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name maven-repository-metadata High Vendor pom parent-artifactid maven Low Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor pom groupid apache.maven Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom description Maven Plugin Mapping Medium Vendor pom groupid org.apache.maven Highest Vendor pom artifactid maven-repository-metadata Low Vendor pom name Maven Repository Metadata Model High Vendor pom parent-groupid org.apache.maven Medium Product file name maven-repository-metadata High Product pom artifactid maven-repository-metadata Highest Product pom parent-artifactid maven Medium Product pom description Maven Plugin Mapping Medium Product Manifest Implementation-Title Maven Repository Metadata Model High Product Manifest specification-title Maven Repository Metadata Model Medium Product pom groupid apache.maven Low Product pom name Maven Repository Metadata Model High Product pom parent-groupid org.apache.maven Low Version pom version 2.0.9 Highest Version Manifest Implementation-Version 2.0.9 High Version file version 2.0.9 Highest
maven: org.apache.maven:maven-repository-metadata:2.0.9 Confidence: Highest

wagon-provider-api-1.0-beta-2.jar
Description: Maven Wagon API that defines the contract between different Wagon implementations
File Path: /Users/Kevin/.m2/repository/org/apache/maven/wagon/wagon-provider-api/1.0-beta-2/wagon-provider-api-1.0-beta-2.jar
MD5: f41eb4e07a725eea3332743a29057855
SHA1: abd1c9ace6e87c94a4b91f5176aeb09d954b23a3
SHA256: 0ba6040074d1e193580bae9314392940f5ecd81e3b6d3b3381050360dce033ad
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid wagon Low Vendor jar package name maven Low Vendor jar package name wagon Low Vendor jar package name apache Low Vendor pom description Maven Wagon API that defines the contract between different Wagon implementations Medium Vendor pom artifactid wagon-provider-api Low Vendor pom groupid org.apache.maven.wagon Highest Vendor file name wagon-provider-api High Vendor pom groupid apache.maven.wagon Highest Vendor pom parent-groupid org.apache.maven.wagon Medium Vendor pom name Maven Wagon API High Product pom artifactid wagon-provider-api Highest Product jar package name wagon Low Product jar package name maven Low Product pom groupid apache.maven.wagon Low Product pom description Maven Wagon API that defines the contract between different Wagon implementations Medium Product pom parent-groupid org.apache.maven.wagon Low Product file name wagon-provider-api High Product pom parent-artifactid wagon Medium Product pom name Maven Wagon API High Version pom version 1.0-beta-2 Highest Version file version 1.0.beta Highest Version file name wagon-provider-api Medium
maven: org.apache.maven.wagon:wagon-provider-api:1.0-beta-2 Confidence: Highest

maven-artifact-manager-2.0.9.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar
MD5: 4940bb2f80c2c36f4b16250bbf383247
SHA1: 53224a5254101fb9b6d561d5a53c6d0817036d94
SHA256: d913865e03e719ac5733260019e98090a12b50683134e65f78c36e8d67f11ff1
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom name Maven Artifact Manager High Vendor pom parent-artifactid maven Low Vendor Manifest Implementation-Vendor-Id org.apache.maven Medium Vendor pom groupid apache.maven Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid maven-artifact-manager Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.maven Highest Vendor file name maven-artifact-manager High Vendor pom parent-groupid org.apache.maven Medium Product pom artifactid maven-artifact-manager Highest Product pom name Maven Artifact Manager High Product Manifest specification-title Maven Artifact Manager Medium Product pom parent-artifactid maven Medium Product pom groupid apache.maven Low Product file name maven-artifact-manager High Product Manifest Implementation-Title Maven Artifact Manager High Product pom parent-groupid org.apache.maven Low Version pom version 2.0.9 Highest Version Manifest Implementation-Version 2.0.9 High Version file version 2.0.9 Highest
maven: org.apache.maven:maven-artifact-manager:2.0.9 Confidence: Highest

maven-scm-provider-accurev-1.1.jar
Description: SCM Provider implementation for AccuRev (http://www.accurev.com/).
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-accurev/1.1/maven-scm-provider-accurev-1.1.jar
MD5: ad7ebe5e2cc44cfa000e7ec358eb638c
SHA1: 10d68f31b82de859e9503136b4686a547cb3a9ca
SHA256: fb5c4cae9e4f967b5d9156133de2f063803bc9ebc7f83f0e3b5d8d1a7b727d4b
Referenced In Project/Scope: trial:runtime
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor pom artifactid maven-scm-provider-accurev Low Vendor pom parent-artifactid maven-scm-providers Low Vendor pom name Maven SCM AccuRev Provider High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor file name maven-scm-provider-accurev High Vendor pom description SCM Provider implementation for AccuRev (http://www.accurev.com/). Medium Vendor pom groupid apache.maven.scm Highest Product pom parent-artifactid maven-scm-providers Medium Product pom name Maven SCM AccuRev Provider High Product pom groupid apache.maven.scm Low Product pom artifactid maven-scm-provider-accurev Highest Product Manifest Implementation-Title Maven SCM AccuRev Provider High Product Manifest specification-title Maven SCM AccuRev Provider Medium Product pom parent-groupid org.apache.maven.scm Low Product file name maven-scm-provider-accurev High Product pom description SCM Provider implementation for AccuRev (http://www.accurev.com/). Medium Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version file version 1.1 Highest
maven: org.apache.maven.scm:maven-scm-provider-accurev:1.1 Confidence: Highest

maven-scm-provider-git-commons-1.1.jar
Description: Common library for SCM Git Provider.
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-git-commons/1.1/maven-scm-provider-git-commons-1.1.jar
MD5: 6f4fac925bd7f0d91fc2a6ad4956a47e
SHA1: 27b21c9c09bfb02002c103e965d8e4cdaa480229
SHA256: fefa7d23401cebbf5220471b999a455fccc7f43a354631247d4466307659600d
Referenced In Project/Scope: trial:runtime
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor pom description Common library for SCM Git Provider. Medium Vendor pom artifactid maven-scm-provider-git-commons Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium Vendor pom name Maven SCM Git Provider - Common library High Vendor pom parent-artifactid maven-scm-providers-git Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor file name maven-scm-provider-git-commons High Vendor pom groupid apache.maven.scm Highest Product Manifest Implementation-Title Maven SCM Git Provider - Common library High Product pom parent-artifactid maven-scm-providers-git Medium Product pom description Common library for SCM Git Provider. Medium Product Manifest specification-title Maven SCM Git Provider - Common library Medium Product pom groupid apache.maven.scm Low Product pom name Maven SCM Git Provider - Common library High Product pom artifactid maven-scm-provider-git-commons Highest Product pom parent-groupid org.apache.maven.scm Low Product file name maven-scm-provider-git-commons High Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version file version 1.1 Highest
maven: org.apache.maven.scm:maven-scm-provider-git-commons:1.1 Confidence: Highest

maven-scm-provider-gitexe-1.1.jar
Description: Executable implementation for SCM Git Provider.
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-gitexe/1.1/maven-scm-provider-gitexe-1.1.jar
MD5: 7c707ed22b1aa8fb588470f2187d308c
SHA1: d1ebbade131e07eb4149f5b0a454da2212634997
SHA256: 33c308532240106dcee6945f82ee720e98db14df61f4cb5c7471b8800c1ec05b
Referenced In Project/Scope: trial:runtime
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor pom description Executable implementation for SCM Git Provider. Medium Vendor pom name Maven SCM Git Provider - Git Executable Impl. High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium Vendor pom artifactid maven-scm-provider-gitexe Low Vendor pom parent-artifactid maven-scm-providers-git Low Vendor file name maven-scm-provider-gitexe High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product pom artifactid maven-scm-provider-gitexe Highest Product pom parent-artifactid maven-scm-providers-git Medium Product pom description Executable implementation for SCM Git Provider. Medium Product pom name Maven SCM Git Provider - Git Executable Impl. High Product pom groupid apache.maven.scm Low Product file name maven-scm-provider-gitexe High Product Manifest specification-title Maven SCM Git Provider - Git Executable Impl. Medium Product pom parent-groupid org.apache.maven.scm Low Product Manifest Implementation-Title Maven SCM Git Provider - Git Executable Impl. High Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version file version 1.1 Highest
maven: org.apache.maven.scm:maven-scm-provider-gitexe:1.1 Confidence: Highest

maven-scm-provider-vss-1.1.jar
Description: SCM Provider implementation for VSS (http://msdn.microsoft.com/en-us/vstudio/aa700907.aspx).
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-vss/1.1/maven-scm-provider-vss-1.1.jar
MD5: 75f4a74bc5645bf2d2c859396d7a097b
SHA1: 58971b7a720cd21aa4ba5eb312769ad234352a4a
SHA256: 7c7598a4e4ab0f11594b73471d7457f9d936d266bc81805068362eda2db211c2
Referenced In Project/Scope: trial:runtime
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor pom parent-artifactid maven-scm-providers Low Vendor file name maven-scm-provider-vss High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Maven SCM Visual Source Safe Provider High Vendor pom description SCM Provider implementation for VSS (http://msdn.microsoft.com/en-us/vstudio/aa700907.aspx). Medium Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Vendor pom artifactid maven-scm-provider-vss Low Product Manifest Implementation-Title Maven SCM Visual Source Safe Provider High Product pom parent-artifactid maven-scm-providers Medium Product file name maven-scm-provider-vss High Product pom artifactid maven-scm-provider-vss Highest Product pom groupid apache.maven.scm Low Product Manifest specification-title Maven SCM Visual Source Safe Provider Medium Product pom parent-groupid org.apache.maven.scm Low Product pom name Maven SCM Visual Source Safe Provider High Product pom description SCM Provider implementation for VSS (http://msdn.microsoft.com/en-us/vstudio/aa700907.aspx). Medium Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version file version 1.1 Highest
maven: org.apache.maven.scm:maven-scm-provider-vss:1.1 Confidence: Highest

maven-scm-provider-cvs-commons-1.1.jar
Description: Common library for SCM CVS Provider.
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-cvs-commons/1.1/maven-scm-provider-cvs-commons-1.1.jar
MD5: c837e53c38f0dea4fa7c560317b16ab1
SHA1: 198d03e76ab1f5f8b9379f7f52834c92a73ae42b
SHA256: 48b7b42ed37d61209b1b5a442c1618e815abe373ea78f8f4ea5db6a0f65943a7
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor file name maven-scm-provider-cvs-commons High Vendor pom artifactid maven-scm-provider-cvs-commons Low Vendor pom description Common library for SCM CVS Provider. Medium Vendor pom name Maven SCM CVS Provider - Common library High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-artifactid maven-scm-providers-cvs Low Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product file name maven-scm-provider-cvs-commons High Product pom parent-artifactid maven-scm-providers-cvs Medium Product Manifest specification-title Maven SCM CVS Provider - Common library Medium Product pom description Common library for SCM CVS Provider. Medium Product pom name Maven SCM CVS Provider - Common library High Product pom groupid apache.maven.scm Low Product pom artifactid maven-scm-provider-cvs-commons Highest Product Manifest Implementation-Title Maven SCM CVS Provider - Common library High Product pom parent-groupid org.apache.maven.scm Low Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version file version 1.1 Highest
maven: org.apache.maven.scm:maven-scm-provider-cvs-commons:1.1 Confidence: Highest

maven-scm-provider-svn-commons-1.1.jar
Description: Common library for SCM SVN Provider.
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-svn-commons/1.1/maven-scm-provider-svn-commons-1.1.jar
MD5: 2a07d9204f1b46fc9ee3f123a2640327
SHA1: 8be8b282cfd6b6ca9787a53945d63042a679fbc4
SHA256: 96c2e236e53a59d7cefa411c642b2ab0f5857f1e4f45df5985d15527c0ca1f89
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor file name maven-scm-provider-svn-commons High Vendor pom artifactid maven-scm-provider-svn-commons Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.maven.scm Medium Vendor pom name Maven SCM Subversion Provider - Common library High Vendor pom parent-artifactid maven-scm-providers-svn Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Vendor pom description Common library for SCM SVN Provider. Medium Product Manifest Implementation-Title Maven SCM Subversion Provider - Common library High Product file name maven-scm-provider-svn-commons High Product pom parent-artifactid maven-scm-providers-svn Medium Product pom groupid apache.maven.scm Low Product pom name Maven SCM Subversion Provider - Common library High Product Manifest specification-title Maven SCM Subversion Provider - Common library Medium Product pom artifactid maven-scm-provider-svn-commons Highest Product pom parent-groupid org.apache.maven.scm Low Product pom description Common library for SCM SVN Provider. Medium Version pom version 1.1 Highest Version Manifest Implementation-Version 1.1 High Version file version 1.1 Highest
maven: org.apache.maven.scm:maven-scm-provider-svn-commons:1.1 Confidence: Highest

spring-web-2.5.1.jar
Description: Spring Framework: Web
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/springframework/spring-web/2.5.1/spring-web-2.5.1.jar
MD5: 1c23331319bd9e110e1165ffb4d69281
SHA1: d9d2cd14ad9e0e9a9107af7c390dcfa156451614
SHA256: c2ddf7abcb6a6fbcfda05cab754c54a99888c08e4981c967b3eaebdffc91d697
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname org.springframework.bundle.spring.web Medium Vendor hint analyzer vendor vmware High Vendor pom description Spring Framework: Web Medium Vendor file name spring-web High Vendor Manifest originally-created-by 1.6.0_03-b05 (Sun Microsystems Inc.) Low Vendor hint analyzer vendor pivotal software High Vendor pom artifactid spring-web Low Vendor hint analyzer vendor SpringSource High Vendor pom name Spring Framework: Web High Vendor pom organization url http://www.springframework.org/ Medium Vendor pom organization name Spring Framework High Vendor pom url http://www.springframework.org Highest Vendor pom groupid springframework Highest Vendor pom groupid org.springframework Highest Vendor manifest Bundle-Description Spring Framework Medium Product pom organization name Spring Framework Low Product pom groupid springframework Low Product Manifest bundle-symbolicname org.springframework.bundle.spring.web Medium Product pom url http://www.springframework.org Medium Product pom description Spring Framework: Web Medium Product Manifest Implementation-Title Spring Framework High Product file name spring-web High Product Manifest originally-created-by 1.6.0_03-b05 (Sun Microsystems Inc.) Low Product pom organization url http://www.springframework.org/ Low Product Manifest Bundle-Name spring-web Medium Product pom name Spring Framework: Web High Product pom artifactid spring-web Highest Product hint analyzer product springsource_spring_framework High Product manifest Bundle-Description Spring Framework Medium Version Manifest Implementation-Version 2.5.1 High Version file version 2.5.1 Highest Version pom version 2.5.1 Highest
cpe: cpe:/a:vmware:springsource_spring_framework:2.5.1 Confidence: Low
maven: org.springframework:spring-web:2.5.1 Confidence: Highest
cpe: cpe:/a:pivotal:spring_framework:2.5.1 Confidence: Low
cpe: cpe:/a:pivotal_software:spring_framework:2.5.1 Confidence: Low
cpe: cpe:/a:springsource:spring_framework:2.5.1 Confidence: Highest
Published Vulnerabilities
CVE-2010-1622
Severity:Medium CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
CVE-2011-2730
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-16 Configuration
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."
CVE-2013-4152
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.
CVE-2013-6429
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.
CVE-2013-7315
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.
CVE-2014-0054
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-352 Cross-Site Request Forgery (CSRF)
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.
CVE-2014-1904
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CVE-2016-9878
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
CVE-2018-1270
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-358 Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
CVE-2018-1271
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVE-2018-1272
Severity:Medium CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

xmlrpc-server-3.1.jar
File Path: /Users/Kevin/.m2/repository/org/apache/xmlrpc/xmlrpc-server/3.1/xmlrpc-server-3.1.jar
MD5: 7f6cfbfab89cde69b4a4541f8c8824fb
SHA1: e5d7c821560950cec129f787a840e1d22ddb93d5
SHA256: 44bf076bf5cb4b5ef81fcd92069e53ef8b1e4564ac2405208d140fd35eb6394d
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.xmlrpc Highest Vendor pom groupid apache.xmlrpc Highest Vendor pom name Apache XML-RPC Server Library High Vendor Manifest extension-name org.apache.xmlrpc.server Medium Vendor pom artifactid xmlrpc-server Low Vendor Manifest specification-vendor UserLand Software, Inc. Low Vendor pom parent-artifactid xmlrpc Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.xmlrpc Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor file name xmlrpc-server High Product pom parent-groupid org.apache.xmlrpc Low Product Manifest specification-title XML-RPC Medium Product pom parent-artifactid xmlrpc Medium Product pom name Apache XML-RPC Server Library High Product Manifest extension-name org.apache.xmlrpc.server Medium Product pom groupid apache.xmlrpc Low Product pom artifactid xmlrpc-server Highest Product file name xmlrpc-server High Version pom version 3.1 Highest Version Manifest Implementation-Version 3.1 High Version file version 3.1 Highest
Related Dependencies
xmlrpc-common-3.1.jar
File Path: /Users/Kevin/.m2/repository/org/apache/xmlrpc/xmlrpc-common/3.1/xmlrpc-common-3.1.jar
MD5: c221e2cc102730b0c6248495082a8115
SHA1: 2607779de0ecefee010a2924b914469c37d6c43b
SHA256: 7c1e734a6139a4655bd7fdc28cfd78aa2d0a99a17aa52067f2d27dd98b1ce82d
xmlrpc-client-3.1.jar
File Path: /Users/Kevin/.m2/repository/org/apache/xmlrpc/xmlrpc-client/3.1/xmlrpc-client-3.1.jar
MD5: c4d2b382ea5e485df267ac918e5e8f40
SHA1: f58de79c17bd6f6fb659931882e3c4e1cc72539a
SHA256: a3ebb0379f229ab2eea566d43ed78b379f2670cdafc2191ab7dccc716a1f1906
maven: org.apache.xmlrpc:xmlrpc-server:3.1 Confidence: Highest
cpe: cpe:/a:apache:xml-rpc:3.1.3 Confidence: Low
Published Vulnerabilities
CVE-2016-5002
Severity:High CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD.

atlassian-xmlrpc-binder-server-spring-0.8.2.jar
File Path: /Users/Kevin/.m2/repository/com/atlassian/xmlrpc/atlassian-xmlrpc-binder-server-spring/0.8.2/atlassian-xmlrpc-binder-server-spring-0.8.2.jar
MD5: 7a0faf307a48729a74923f3a0cd1f536
SHA1: 6c63b04d743b480dc0191a7f2436bd11b75acff3
SHA256: 2ce7c7f5a7e8b2dc5f59b87d911112c0e6078bcc648120e8d22d4010de7f2823
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name atlassian-xmlrpc-binder-server-spring High Vendor pom parent-groupid com.atlassian.xmlrpc Medium Vendor pom url http://maven.apache.org Highest Vendor pom groupid atlassian.xmlrpc Highest Vendor pom artifactid atlassian-xmlrpc-binder-server-spring Low Vendor pom groupid com.atlassian.xmlrpc Highest Vendor pom name Atlassian XML-RPC Binder Server Spring Components High Vendor jar package name xmlrpc Low Vendor jar package name atlassian Low Vendor jar package name spring Low Vendor pom parent-artifactid atlassian-xmlrpc-binder-parent Low Product file name atlassian-xmlrpc-binder-server-spring High Product pom name Atlassian XML-RPC Binder Server Spring Components High Product jar package name xmlrpc Low Product pom groupid atlassian.xmlrpc Low Product pom parent-groupid com.atlassian.xmlrpc Low Product pom artifactid atlassian-xmlrpc-binder-server-spring Highest Product pom parent-artifactid atlassian-xmlrpc-binder-parent Medium Product pom url http://maven.apache.org Medium Product jar package name spring Low Version file version 0.8.2 Highest Version pom version 0.8.2 Highest
maven: com.atlassian.xmlrpc:atlassian-xmlrpc-binder-server-spring:0.8.2 Confidence: Highest
cpe: cpe:/a:apache:xml-rpc:0.8.2 Confidence: Low

ws-commons-util-1.0.2.jar
Description: This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/ws/commons/util/ws-commons-util/1.0.2/ws-commons-util-1.0.2.jar
MD5: e0d2efe441e2dec803c7749c10725f61
SHA1: 3f478e6def772c19d1053f61198fa1f6a6119238
SHA256: 97c183d35b596c6a010dfea967ca1e67f67696806535dcef5be17ffb2692cfd6
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.ws.commons.util Highest Vendor jar package name commons Low Vendor pom url http://ws.apache.org/commons/util Highest Vendor pom organization name Apache Software Foundation High Vendor pom artifactid ws-commons-util Low Vendor pom organization url http://www.apache.org/ Medium Vendor file name ws-commons-util High Vendor jar package name ws Low Vendor pom groupid apache.ws.commons.util Highest Vendor jar package name apache Low Vendor pom description This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Low Vendor pom name Apache WebServices Common Utilities High Product pom organization url http://www.apache.org/ Low Product file name ws-commons-util High Product jar package name ws Low Product jar package name commons Low Product pom url http://ws.apache.org/commons/util Medium Product jar package name util Low Product pom artifactid ws-commons-util Highest Product pom organization name Apache Software Foundation Low Product pom description This is a small collection of utility classes, that allow high performance XML processing based on SAX. Basically, it is assumed, that you are using an JAXP 1.1 compliant XML parser and nothing else. In particular, no dependency on the javax.xml.transform package is introduced. Low Product pom name Apache WebServices Common Utilities High Product pom groupid apache.ws.commons.util Low Version file version 1.0.2 Highest Version pom version 1.0.2 Highest
maven: org.apache.ws.commons.util:ws-commons-util:1.0.2 Confidence :Highest
cpe: cpe:/a:ws_project:ws:1.0.2 Confidence :Low
Published Vulnerabilities
CVE-2016-10542
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-20 Improper Input Validation
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Vulnerable Software & Versions:
atlassian-xmlrpc-binder-support-0.8.2.jar
File Path: /Users/Kevin/.m2/repository/com/atlassian/xmlrpc/atlassian-xmlrpc-binder-support/0.8.2/atlassian-xmlrpc-binder-support-0.8.2.jar
MD5: be3c899f63cdff9e526b18460907ef7f
SHA1: b31a9a68e2ef882000c31fe856760ae4d7b46293
SHA256: d16ac5d3f39d8561c64090b9eab40ecea0e7e448abfe46692233aa16fbd1f9e5
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.atlassian.xmlrpc Medium Vendor pom groupid atlassian.xmlrpc Highest Vendor pom groupid com.atlassian.xmlrpc Highest Vendor pom name Atlassian XML-RPC Binder Support High Vendor pom artifactid atlassian-xmlrpc-binder-support Low Vendor jar package name xmlrpc Low Vendor jar package name atlassian Low Vendor file name atlassian-xmlrpc-binder-support High Vendor pom url http://www.atlassian.com/ Highest Vendor pom parent-artifactid atlassian-xmlrpc-binder-parent Low Product pom artifactid atlassian-xmlrpc-binder-support Highest Product pom name Atlassian XML-RPC Binder Support High Product jar package name xmlrpc Low Product pom url http://www.atlassian.com/ Medium Product pom groupid atlassian.xmlrpc Low Product pom parent-groupid com.atlassian.xmlrpc Low Product file name atlassian-xmlrpc-binder-support High Product pom parent-artifactid atlassian-xmlrpc-binder-parent Medium Version file version 0.8.2 Highest Version pom version 0.8.2 Highest
maven: com.atlassian.xmlrpc:atlassian-xmlrpc-binder-support:0.8.2 Confidence :Highest

atlassian-xmlrpc-binder-server-0.8.2.jar
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/atlassian/xmlrpc/atlassian-xmlrpc-binder-server/0.8.2/atlassian-xmlrpc-binder-server-0.8.2.jar
MD5: c9b77d8c772493c6b92fabfea618c5fa
SHA1: d6ee40622987871abb31eeee4bf03a7f17ea0e7c
SHA256: cde605e0497e0697ba258c0a03842663b0fb6edc95c7a5c8952e73beb9818cfd
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.atlassian.xmlrpc Medium Vendor pom groupid atlassian.xmlrpc Highest Vendor pom groupid com.atlassian.xmlrpc Highest Vendor pom artifactid atlassian-xmlrpc-binder-server Low Vendor jar package name xmlrpc Low Vendor jar package name atlassian Low Vendor pom name Atlassian XML-RPC Binder Server Components High Vendor pom url http://www.atlassian.com/ Highest Vendor file name atlassian-xmlrpc-binder-server High Vendor pom parent-artifactid atlassian-xmlrpc-binder-parent Low Product jar package name xmlrpc Low Product pom name Atlassian XML-RPC Binder Server Components High Product pom url http://www.atlassian.com/ Medium Product pom groupid atlassian.xmlrpc Low Product pom parent-groupid com.atlassian.xmlrpc Low Product pom artifactid atlassian-xmlrpc-binder-server Highest Product file name atlassian-xmlrpc-binder-server High Product pom parent-artifactid atlassian-xmlrpc-binder-parent Medium Version file version 0.8.2 Highest Version pom version 0.8.2 Highest
maven: com.atlassian.xmlrpc:atlassian-xmlrpc-binder-server:0.8.2 Confidence :Highest

atlassian-xmlrpc-binder-annotations-0.8.2.jar
File Path: /Users/Kevin/.m2/repository/com/atlassian/xmlrpc/atlassian-xmlrpc-binder-annotations/0.8.2/atlassian-xmlrpc-binder-annotations-0.8.2.jar
MD5: daffba99a45f8183e3f3fe5e4efb9b63
SHA1: b4d14cc160d019ee5365570856621a77d80ac213
SHA256: 3e6c457503eeafe0d748c9a951576e1aa25d173d6bf351da98076622b2491c76
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name atlassian-xmlrpc-binder-annotations High Vendor pom parent-groupid com.atlassian.xmlrpc Medium Vendor pom groupid atlassian.xmlrpc Highest Vendor pom artifactid atlassian-xmlrpc-binder-annotations Low Vendor pom groupid com.atlassian.xmlrpc Highest Vendor pom name Atlassian XML-RPC Binder Annotations High Vendor jar package name xmlrpc Low Vendor jar package name atlassian Low Vendor pom url http://www.atlassian.com/ Highest Vendor pom parent-artifactid atlassian-xmlrpc-binder-parent Low Product file name atlassian-xmlrpc-binder-annotations High Product pom name Atlassian XML-RPC Binder Annotations High Product jar package name xmlrpc Low Product pom url http://www.atlassian.com/ Medium Product pom groupid atlassian.xmlrpc Low Product pom parent-groupid com.atlassian.xmlrpc Low Product pom artifactid atlassian-xmlrpc-binder-annotations Highest Product pom parent-artifactid atlassian-xmlrpc-binder-parent Medium Version file version 0.8.2 Highest Version pom version 0.8.2 Highest
maven: com.atlassian.xmlrpc:atlassian-xmlrpc-binder-annotations:0.8.2 Confidence :Highest

atlassian-xmlrpc-binder-0.8.2.jar
File Path: /Users/Kevin/.m2/repository/com/atlassian/xmlrpc/atlassian-xmlrpc-binder/0.8.2/atlassian-xmlrpc-binder-0.8.2.jar
MD5: 529d5964f47e49f3cfef843021531c6d
SHA1: ec50fd85f0604d0fde8a5fe55c61fd8c62117dde
SHA256: e1376d47afcb75e95f5a56f2f5dfe0ee6989404e6959d751f028143e81fa26b7
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.atlassian.xmlrpc Medium Vendor pom groupid atlassian.xmlrpc Highest Vendor pom groupid com.atlassian.xmlrpc Highest Vendor file name atlassian-xmlrpc-binder High Vendor jar package name xmlrpc Low Vendor jar package name atlassian Low Vendor pom name Atlassian XML-RPC Binder High Vendor pom artifactid atlassian-xmlrpc-binder Low Vendor pom url http://www.atlassian.com/ Highest Vendor pom parent-artifactid atlassian-xmlrpc-binder-parent Low Product pom artifactid atlassian-xmlrpc-binder Highest Product file name atlassian-xmlrpc-binder High Product jar package name xmlrpc Low Product pom name Atlassian XML-RPC Binder High Product pom url http://www.atlassian.com/ Medium Product pom groupid atlassian.xmlrpc Low Product pom parent-groupid com.atlassian.xmlrpc Low Product pom parent-artifactid atlassian-xmlrpc-binder-parent Medium Version file version 0.8.2 Highest Version pom version 0.8.2 Highest
maven: com.atlassian.xmlrpc:atlassian-xmlrpc-binder:0.8.2 Confidence :Highest

slf4j-log4j12-1.5.0.jar
Description:
The slf4j log4j-12 binding
File Path: /Users/Kevin/.m2/repository/org/slf4j/slf4j-log4j12/1.5.0/slf4j-log4j12-1.5.0.jar
MD5: e70665b12f90cd2089e00e3ea898f9e3
SHA1: aad1074d37a63f19fafedd272dc7830f0f41a977
SHA256: c23ecab161aa16467ada68c6073f1ace58b4bfc8a5865e2575cbe2fb2aed1d46
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid slf4j-log4j12 Low Vendor pom name SLF4J LOG4J-12 Binding High Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid slf4j Highest Vendor pom description
The slf4j log4j-12 binding
Medium Vendor pom parent-artifactid slf4j-parent Low Vendor manifest Bundle-Description The slf4j log4j-12 binding Medium Vendor pom groupid org.slf4j Highest Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-symbolicname slf4j.log4j12 Medium Vendor file name slf4j-log4j12 High Product pom artifactid slf4j-log4j12 Highest Product Manifest Bundle-Name slf4j-log4j12 Medium Product pom groupid slf4j Low Product pom url http://www.slf4j.org Medium Product pom parent-groupid org.slf4j Low Product pom name SLF4J LOG4J-12 Binding High Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product Manifest Implementation-Title slf4j-log4j12 High Product pom description
The slf4j log4j-12 binding
Medium Product manifest Bundle-Description The slf4j log4j-12 binding Medium Product Manifest bundle-symbolicname slf4j.log4j12 Medium Product file name slf4j-log4j12 High Product pom parent-artifactid slf4j-parent Medium Version Manifest Implementation-Version 1.5.0 High Version pom version 1.5.0 Highest Version file version 1.5.0 Highest
maven: org.slf4j:slf4j-log4j12:1.5.0 Confidence :Highest
cpe: cpe:/a:slf4j:slf4j:1.5.0 Confidence :Low

maven-plugin-api-2.0.jar
Description:
Maven is a project development management and comprehension tool. Based on the concept of a project object model: builds, dependency management, documentation creation, site publication, and distribution publication are all controlled from the declarative file. Maven can be extended by plugins to utilise a number of other development tools for reporting or the build process.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/maven/maven-plugin-api/2.0/maven-plugin-api-2.0.jar
MD5: c714c3aeccb4077866231655c08d4e3f
SHA1: 163ff2bc46c56d26e37e82a2cd79408c394a01e2
SHA256: 5b62626069d85bb463314572734988d47bc98aab9f0ed48d2f1f9554960f5a35
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name maven-plugin-api Medium Vendor pom parent-artifactid maven Low Vendor pom organization name Apache Software Foundation High Vendor pom groupid apache.maven Highest Vendor pom name Maven Plugin API High Vendor pom description Maven is a project development management and comprehension tool. Based on the concept of a project object model: builds, dependency management, documentation creation, site publication, and distribution publication are all controlled from the declarative file. Maven can be extended by plugins to utilise a number of other development tools for reporting or the build process. Low Vendor file name maven-plugin-api High Vendor pom parent-groupid org.apache.maven Medium Vendor pom organization url http://www.apache.org/ Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom groupid org.apache.maven Highest Vendor pom url http://maven.apache.org/maven2/maven-plugin-api Highest Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid maven-plugin-api Low Product Manifest extension-name maven-plugin-api Medium Product pom organization url http://www.apache.org/ Low Product pom artifactid maven-plugin-api Highest Product pom name Maven Plugin API High Product pom description Maven is a project development management and comprehension tool. Based on the concept of a project object model: builds, dependency management, documentation creation, site publication, and distribution publication are all controlled from the declarative file. Maven can be extended by plugins to utilise a number of other development tools for reporting or the build process. 
Low Product pom url http://maven.apache.org/maven2/maven-plugin-api Medium Product file name maven-plugin-api High Product pom organization name Apache Software Foundation Low Product Manifest specification-title Maven is a project development management and comprehension tool. Based on the concept of a project object model: builds, dependency management, documentation creation, site publication, and distribution publication are all controlled from the declarative file. Maven can be extended by plugins to utilise a number of other development tools for reporting or the build process. Medium Product pom groupid apache.maven Low Product pom parent-groupid org.apache.maven Low Product Manifest Implementation-Title maven-plugin-api High Product pom parent-artifactid maven Medium Version pom version 2.0 Highest Version Manifest Implementation-Version 2.0 High Version file version 2.0 Highest
maven: org.apache.maven:maven-plugin-api:2.0 Confidence :Highest

maven-shared-io-1.0.jar
Description:
Basic API for lightweight logging
File Path: /Users/Kevin/.m2/repository/org/apache/maven/shared/maven-shared-io/1.0/maven-shared-io-1.0.jar
MD5: 915fe319be8f71e41646d588cab87ab4
SHA1: 6ba6241653b04c174bdcbc73829ca719f353f24d
SHA256: 62a4d7ab57706fbdbad89ad55f21cdf63ede5e8a5323b528d6c330e3fd36b1d2
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.shared Medium Vendor jar package name maven Low Vendor jar package name apache Low Vendor jar package name shared Low Vendor pom artifactid maven-shared-io Low Vendor pom groupid apache.maven.shared Highest Vendor pom parent-artifactid maven-shared-components Low Vendor pom name Maven Shared I/O API High Vendor pom groupid org.apache.maven.shared Highest Vendor file name maven-shared-io High Vendor pom description Basic API for lightweight logging Medium Product pom artifactid maven-shared-io Highest Product pom groupid apache.maven.shared Low Product jar package name maven Low Product pom parent-artifactid maven-shared-components Medium Product jar package name shared Low Product jar package name io Low Product pom parent-groupid org.apache.maven.shared Low Product pom name Maven Shared I/O API High Product file name maven-shared-io High Product pom description Basic API for lightweight logging Medium Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.shared:maven-shared-io:1.0 Confidence :Highest

file-management-1.1.jar
Description:
Basic API for lightweight logging
File Path: /Users/Kevin/.m2/repository/org/apache/maven/shared/file-management/1.1/file-management-1.1.jar
MD5: 48c2abe6b3a5045649714d06eceb6bbd
SHA1: 1a751b5b40520478458f31dca58d763c34580755
SHA256: b7d139b2a04687d399fb296a1d6c1d7925b54a65c2ace87b1cd4ea20e3d422c1
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.apache.maven.shared Medium Vendor pom artifactid file-management Low Vendor jar package name maven Low Vendor jar package name apache Low Vendor pom name Maven Shared File Management API High Vendor jar package name shared Low Vendor file name file-management High Vendor pom groupid apache.maven.shared Highest Vendor pom parent-artifactid maven-shared-components Low Vendor pom groupid org.apache.maven.shared Highest Vendor pom description Basic API for lightweight logging Medium Product pom groupid apache.maven.shared Low Product jar package name maven Low Product pom parent-artifactid maven-shared-components Medium Product pom name Maven Shared File Management API High Product jar package name shared Low Product file name file-management High Product jar package name model Low Product pom parent-groupid org.apache.maven.shared Low Product pom artifactid file-management Highest Product pom description Basic API for lightweight logging Medium Version pom version 1.1 Highest Version file version 1.1 Highest
maven: org.apache.maven.shared:file-management:1.1 Confidence :Highest

plexus-utils-1.5.4.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-utils/1.5.4/plexus-utils-1.5.4.jar
MD5: 602b8b5ed32782f8cc42b9a216a9d8d9
SHA1: dedb557166fbd043f54928baa9134c00e73b8abf
SHA256: b5035e5abfd9d3c73c9311a5ac54de59248d1242ee5fa47212d0fcb097b1cd1e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.codehaus.plexus Highest Vendor jar package name util Low Vendor jar package name codehaus Low Vendor file name plexus-utils High Vendor jar package name plexus Low Product jar package name util Low Product pom artifactid plexus-utils Highest Product file name plexus-utils High Product jar package name plexus Low Version file version 1.5.4 Highest Version pom version 1.5.4 Highest
maven: org.codehaus.plexus:plexus-utils:1.5.4 Confidence :Highest

plexus-classworlds-1.2-alpha-7.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-classworlds/1.2-alpha-7/plexus-classworlds-1.2-alpha-7.jar
MD5: b00a4521e82cd7cdf502039dd59a1ffb
SHA1: ed03d1eeb9b2576747df0d2883d9006fa5e1febe
SHA256: 8d0b03d23ab40c94db71f93bd64b2fdd525d86dda3f4b40474fb9eb27c369f96
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid plexus-classworlds Low Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor file name plexus-classworlds High Vendor pom name Plexus Classworlds High Vendor jar package name codehaus Low Vendor pom parent-artifactid plexus Low Vendor jar package name plexus Low Vendor pom groupid codehaus.plexus Highest Vendor jar package name classworlds Low Product pom parent-artifactid plexus Medium Product pom groupid codehaus.plexus Low Product pom parent-groupid org.codehaus.plexus Low Product file name plexus-classworlds High Product pom name Plexus Classworlds High Product jar package name plexus Low Product pom artifactid plexus-classworlds Highest Product jar package name classworlds Low Version pom version 1.2-alpha-7 Highest Version file version 1.2.alpha Highest Version pom parent-version 1.2-alpha-7 Low Version file name plexus-classworlds Medium
maven: org.codehaus.plexus:plexus-classworlds:1.2-alpha-7 Confidence :Highest

junit-3.8.1.jar
Description:
JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java.
License:
Common Public License Version 1.0: http://www.opensource.org/licenses/cpl1.0.txt
File Path: /Users/Kevin/.m2/repository/junit/junit/3.8.1/junit-3.8.1.jar
MD5: 1f40fb782a4f2cf78f161d32670f7a3a
SHA1: 99129f16442844f6a4a11ae22fbbee40b14d774f
SHA256: b58e459509e190bed737f3592bc1950485322846cf10e78ded1d065153012d70
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid junit Highest Vendor pom artifactid junit Low Vendor file name junit High Vendor pom organization url http://www.junit.org Medium Vendor jar package name junit Low Vendor pom url http://junit.org Highest Vendor pom description JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java. Low Vendor pom organization name JUnit High Vendor pom name JUnit High Product pom organization url http://www.junit.org Low Product file name junit High Product pom artifactid junit Highest Product pom url http://junit.org Medium Product pom description JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java. Low Product pom groupid junit Low Product pom organization name JUnit Low Product pom name JUnit High Version file version 3.8.1 Highest Version pom version 3.8.1 Highest
maven: junit:junit:3.8.1 Confidence :Highest

plexus-component-api-1.0-alpha-19.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-component-api/1.0-alpha-19/plexus-component-api-1.0-alpha-19.jar
MD5: 0c262ada46d9b749a76cab5a3fd7fc1b
SHA1: 9e375389c203bdd31a73f3ca6d1bd7e015deb3f1
SHA256: a9d96e7c8240901169559ce2a6fc2f1621d61331d4fde0859d77afbddf8f8991
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom name Plexus Component API High Vendor jar package name codehaus Low Vendor pom artifactid plexus-component-api Low Vendor pom parent-artifactid plexus-containers Low Vendor jar package name plexus Low Vendor file name plexus-component-api High Vendor pom groupid codehaus.plexus Highest Product pom groupid codehaus.plexus Low Product pom name Plexus Component API High Product pom parent-groupid org.codehaus.plexus Low Product jar package name plexus Low Product file name plexus-component-api High Product pom parent-artifactid plexus-containers Medium Product pom artifactid plexus-component-api Highest Version file version 1.0.alpha Highest Version pom version 1.0-alpha-19 Highest Version file name plexus-component-api Medium
maven: org.codehaus.plexus:plexus-component-api:1.0-alpha-19 Confidence :Highest

backport-util-concurrent-3.0.jar
Description:
Dawid Kurzyniec's backport of JSR 166
License:
Public Domain: http://creativecommons.org/licenses/publicdomain
File Path: /Users/Kevin/.m2/repository/backport-util-concurrent/backport-util-concurrent/3.0/backport-util-concurrent-3.0.jar
MD5: 6ab04326a80e57fd8972d50640a14088
SHA1: a193f67b87fe7782a13f1031dce4fa822c0e3599
SHA256: 376155ee3d0eee07a89aaf09c1ce43fc6e24d073ce03dafbc382e9aac66a917e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description Dawid Kurzyniec's backport of JSR 166 Medium Vendor jar package name emory Low Vendor pom groupid backport-util-concurrent Highest Vendor pom artifactid backport-util-concurrent Low Vendor pom name Backport of JSR 166 High Vendor jar package name edu Low Vendor file name backport-util-concurrent High Vendor pom organization name Dawid Kurzyniec High Vendor pom organization url http://www.mathcs.emory.edu/~dawidk/ Medium Vendor pom url http://www.mathcs.emory.edu/dcl/util/backport-util-concurrent/ Highest Vendor jar package name mathcs Low Product pom url http://www.mathcs.emory.edu/dcl/util/backport-util-concurrent/ Medium Product pom description Dawid Kurzyniec's backport of JSR 166 Medium Product jar package name emory Low Product jar package name backport Low Product pom name Backport of JSR 166 High Product pom groupid backport-util-concurrent Low Product file name backport-util-concurrent High Product pom organization url http://www.mathcs.emory.edu/~dawidk/ Low Product pom artifactid backport-util-concurrent Highest Product pom organization name Dawid Kurzyniec Low Product jar package name mathcs Low Version pom version 3.0 Highest Version file version 3.0 Highest
maven: backport-util-concurrent:backport-util-concurrent:3.0 Confidence :Highest

plexus-taskqueue-1.0-alpha-8.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-taskqueue/1.0-alpha-8/plexus-taskqueue-1.0-alpha-8.jar
MD5: d70dfef01fc8fd62672d57ed2bdc6fb8
SHA1: b50820160f0a471b783843526b225b65bfaeb237
SHA256: b60d41607085795ef81d6f125cf45b3ab370cf2f8f14d538f6946b801d9137d7
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name plexus-taskqueue High Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom artifactid plexus-taskqueue Low Vendor jar package name codehaus Low Vendor jar package name plexus Low Vendor pom name Plexus Task Queue High Vendor pom groupid codehaus.plexus Highest Vendor jar package name taskqueue Low Vendor pom parent-artifactid plexus-components Low Product file name plexus-taskqueue High Product pom groupid codehaus.plexus Low Product pom parent-groupid org.codehaus.plexus Low Product jar package name plexus Low Product pom artifactid plexus-taskqueue Highest Product pom name Plexus Task Queue High Product pom parent-artifactid plexus-components Medium Product jar package name taskqueue Low Version file name plexus-taskqueue Medium Version pom version 1.0-alpha-8 Highest Version pom parent-version 1.0-alpha-8 Low Version file version 1.0.alpha Highest
maven: org.codehaus.plexus:plexus-taskqueue:1.0-alpha-8 Confidence :Highest

plexus-action-1.0-alpha-6.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-action/1.0-alpha-6/plexus-action-1.0-alpha-6.jar
MD5: 74e61c8cbeaec660b6e8225d0971cf67
SHA1: 94d6b8cbb03e5352dda96360ad350c60d98a6145
SHA256: 04b4459f54cc1acaa7fd2b5362652ac08ee9e88775a6fb214e5c2c7ac2fe46fc
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Codehaus High Vendor pom artifactid plexus-action Low Vendor pom organization name Codehaus High Vendor file name plexus-action High Vendor pom name Plexus Action High Vendor pom groupid codehaus.plexus Highest Vendor Manifest extension-name plexus-action Medium Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom organization url http://www.codehaus.org/ Medium Vendor Manifest specification-vendor Codehaus Low Vendor pom parent-artifactid plexus-components Low Product Manifest Implementation-Title plexus-action High Product pom groupid codehaus.plexus Low Product file name plexus-action High Product pom parent-groupid org.codehaus.plexus Low Product pom name Plexus Action High Product pom artifactid plexus-action Highest Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom parent-artifactid plexus-components Medium Product Manifest extension-name plexus-action Medium Version pom version 1.0-alpha-6 Highest Version Manifest Implementation-Version 1.0-alpha-6 High
maven: org.codehaus.plexus:plexus-action:1.0-alpha-6 Confidence :Highest

plexus-command-line-1.0-alpha-2.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-command-line/1.0-alpha-2/plexus-command-line-1.0-alpha-2.jar
MD5: 29580c08fcdc92c7c5675e6856033ae3
SHA1: 315d341a1bad7bdbacec10f2858807942e695af8
SHA256: 0498f74932ffe4b19a40031bb76481c6ef0ad4fe72b9dc10d814deda75694030
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Codehaus High Vendor pom organization name Codehaus High Vendor Manifest extension-name plexus-command-line Medium Vendor pom artifactid plexus-command-line Low Vendor pom groupid codehaus.plexus Highest Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor pom organization url http://www.codehaus.org/ Medium Vendor file name plexus-command-line High Vendor pom name Plexus Command Line Component High Vendor Manifest specification-vendor Codehaus Low Vendor pom parent-artifactid plexus-components Low Product pom artifactid plexus-command-line Highest Product Manifest extension-name plexus-command-line Medium Product pom groupid codehaus.plexus Low Product pom parent-groupid org.codehaus.plexus Low Product Manifest Implementation-Title plexus-command-line High Product file name plexus-command-line High Product pom organization name Codehaus Low Product pom organization url http://www.codehaus.org/ Low Product pom name Plexus Command Line Component High Product pom parent-artifactid plexus-components Medium Version Manifest Implementation-Version 1.0-alpha-2 High Version pom version 1.0-alpha-2 Highest
maven: org.codehaus.plexus:plexus-command-line:1.0-alpha-2 Confidence :Highest

plexus-interactivity-api-1.0-alpha-6.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-6/plexus-interactivity-api-1.0-alpha-6.jar
MD5: 4f3e3b8a34729e317e4c2484016ca151
SHA1: c06f0eb818633033f09a87d14c4cfb6f39af9a37
SHA256: 4009db61dc8bc1ab5895bf5195718fd4df84998409e15acfb9aa796895ceddbf
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.codehaus.plexus Highest Vendor pom parent-groupid org.codehaus.plexus Medium Vendor jar package name components Low Vendor pom artifactid plexus-interactivity-api Low Vendor pom parent-artifactid plexus-interactivity Low Vendor pom name Plexus Default Interactivity Handler High Vendor jar package name codehaus Low Vendor jar package name plexus Low Vendor file name plexus-interactivity-api High Vendor pom groupid codehaus.plexus Highest Product jar package name components Low Product pom groupid codehaus.plexus Low Product pom parent-groupid org.codehaus.plexus Low Product pom parent-artifactid plexus-interactivity Medium Product pom name Plexus Default Interactivity Handler High Product jar package name interactivity Low Product jar package name plexus Low Product file name plexus-interactivity-api High Product pom artifactid plexus-interactivity-api Highest Version pom version 1.0-alpha-6 Highest Version file version 1.0.alpha Highest Version file name plexus-interactivity-api Medium
maven: org.codehaus.plexus:plexus-interactivity-api:1.0-alpha-6 Confidence :Highest

maven-scm-manager-plexus-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-manager-plexus/1.0/maven-scm-manager-plexus-1.0.jar
MD5: 90f1e4f233268f07f731b01cbb48b1fb
SHA1: bbcfe0ba800dc3c43e52bb62ef47ab8034f6081c
SHA256: 4730522a2409fbd289050cdf8338f24d9021ea7ad5c04a104ad112ae9fd8ec37
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid maven-scm-manager-plexus Low Vendor pom groupid org.apache.maven.scm Highest Vendor pom parent-artifactid maven-scm-managers Low Vendor jar package name scm Low Vendor jar package name maven Low Vendor file name maven-scm-manager-plexus High Vendor jar package name apache Low Vendor pom name Maven SCM Manager for Plexus High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product jar package name maven Low Product file name maven-scm-manager-plexus High Product pom parent-artifactid maven-scm-managers Medium Product pom name Maven SCM Manager for Plexus High Product jar package name manager Low Product pom artifactid maven-scm-manager-plexus Highest Product pom groupid apache.maven.scm Low Product pom parent-groupid org.apache.maven.scm Low Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-manager-plexus:1.0 Confidence :Highest

regexp-1.3.jar
File Path: /Users/Kevin/.m2/repository/regexp/regexp/1.3/regexp-1.3.jar
MD5: 6dcdc325850e40b843cac2a25fb2121e
SHA1: 973df2b78b67bcd3144c3dbbb88da691065a3f8d
SHA256: 27998732ecd5745924644f891f41adaf73736fe259a0a20843979452574f0385
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Low Vendor file name regexp High Vendor jar package name regexp Low Vendor pom groupid regexp Highest Vendor pom artifactid regexp Low Product pom artifactid regexp Highest Product pom groupid regexp Low Product file name regexp High Product jar package name regexp Low Version pom version 1.3 Highest Version file version 1.3 Highest
maven: regexp:regexp:1.3 Confidence :Highest

maven-scm-provider-bazaar-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-bazaar/1.0/maven-scm-provider-bazaar-1.0.jar
MD5: 8c3ca2128efca24b8813c3dd04e96dd3
SHA1: 39e76acec7879b25fedb76f429bdd389b7694f8e
SHA256: bc8c8bb235b87211afa6e7745e3f5b82b9afd85f7716439b2cc63d98245e7217
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor pom name Maven SCM Bazaar Provider High Vendor jar package name scm Low Vendor file name maven-scm-provider-bazaar High Vendor jar package name maven Low Vendor pom parent-artifactid maven-scm-providers Low Vendor jar package name apache Low Vendor pom artifactid maven-scm-provider-bazaar Low Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product pom name Maven SCM Bazaar Provider High Product jar package name scm Low Product file name maven-scm-provider-bazaar High Product jar package name maven Low Product pom parent-artifactid maven-scm-providers Medium Product pom groupid apache.maven.scm Low Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Product pom artifactid maven-scm-provider-bazaar Highest Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-bazaar:1.0 Confidence :Highest

maven-scm-provider-clearcase-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-clearcase/1.0/maven-scm-provider-clearcase-1.0.jar
MD5: 7c2880aa644ea153b1999f84c44c712f
SHA1: 3f2c8a21974336eab5e556193c3c552c1e8324e7
SHA256: e9881b07c7dc737f287fb9f5406ddc15cc0d3f1b67aaf78a14fd8a086085f33d
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor jar package name maven Low Vendor pom parent-artifactid maven-scm-providers Low Vendor jar package name apache Low Vendor pom name Maven SCM Clearcase Provider High Vendor pom artifactid maven-scm-provider-clearcase Low Vendor file name maven-scm-provider-clearcase High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product pom artifactid maven-scm-provider-clearcase Highest Product jar package name maven Low Product pom parent-artifactid maven-scm-providers Medium Product pom name Maven SCM Clearcase Provider High Product pom groupid apache.maven.scm Low Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Product file name maven-scm-provider-clearcase High Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-clearcase:1.0 Confidence: Highest

maven-scm-provider-cvsexe-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-cvsexe/1.0/maven-scm-provider-cvsexe-1.0.jar
MD5: 0a6a7dcad41d7c288f29d6b799989c20
SHA1: b063e4b0ffafd5c7bd4a7986464aca765e7ef127
SHA256: 51b4525521299b7160d12ec1d18ebf6683fb4769bc936ba2574ae97319ed5a4e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor jar package name maven Low Vendor jar package name apache Low Vendor pom name Maven SCM CVS Provider - CVS Executable Impl. High Vendor pom parent-artifactid maven-scm-providers-cvs Low Vendor file name maven-scm-provider-cvsexe High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom artifactid maven-scm-provider-cvsexe Low Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product jar package name maven Low Product pom parent-artifactid maven-scm-providers-cvs Medium Product pom artifactid maven-scm-provider-cvsexe Highest Product pom name Maven SCM CVS Provider - CVS Executable Impl. High Product pom groupid apache.maven.scm Low Product file name maven-scm-provider-cvsexe High Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-cvsexe:1.0 Confidence: Highest

cvsclient-20060125.jar
License: Sun Public License: http://www.netbeans.org/about/legal/spl.html
File Path: /Users/Kevin/.m2/repository/org/netbeans/lib/cvsclient/20060125/cvsclient-20060125.jar
MD5: d37c0e11f9b2d3fdde5a999ba9418abb
SHA1: cc80bd0085c79be7ed332cbdc1db77498bff1fda
SHA256: 89baed753b393d5074d4b9b4ba4b9692af6cd0713199998fb294b99942c820a3
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom url http://javacvs.netbeans.org/library/ Highest Vendor pom artifactid cvsclient Low Vendor Manifest openide-module-localizing-bundle org/netbeans/lib/cvsclient/Bundle.properties Low Vendor pom groupid org.netbeans.lib Highest Vendor pom groupid netbeans.lib Highest Vendor Manifest openide-module org.netbeans.lib.cvsclient/1 Low Vendor file name cvsclient-20060125 High Product pom groupid netbeans.lib Low Product pom url http://javacvs.netbeans.org/library/ Medium Product Manifest openide-module-localizing-bundle org/netbeans/lib/cvsclient/Bundle.properties Low Product pom artifactid cvsclient Highest Product Manifest openide-module org.netbeans.lib.cvsclient/1 Low Product file name cvsclient-20060125 High Version pom version 20060125 Highest Version file version 20060125 Medium
maven: org.netbeans.lib:cvsclient:20060125 Confidence: Highest

ganymed-ssh2-build210.jar
Description: Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java
License: BSD style license: http://www.ganymed.ethz.ch/ssh2/LICENSE.txt
File Path: /Users/Kevin/.m2/repository/ch/ethz/ganymed/ganymed-ssh2/build210/ganymed-ssh2-build210.jar
MD5: d898fe406a32b5c55283c719cb48328b
SHA1: b2f81c85a7a2a1b43727d2582710af85c979050b
SHA256: ee53bd7b41e1a45e1a263eca8ebbfc0b7acf4f9c442f4e707710c6599b80fcd5
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java Medium Vendor pom name Ganymed SSH2 for Java High Vendor pom url http://www.ganymed.ethz.ch/ssh2/ Highest Vendor pom artifactid ganymed-ssh2 Low Vendor pom groupid ch.ethz.ganymed Highest Vendor jar package name ethz Low Vendor jar package name ch Low Vendor jar package name ssh2 Low Vendor file name ganymed-ssh2-build210 High Product pom description Ganymed SSH2 for Java is a library which implements the SSH-2 protocol in pure Java Medium Product pom name Ganymed SSH2 for Java High Product pom artifactid ganymed-ssh2 Highest Product jar package name ethz Low Product jar package name ssh2 Low Product pom url http://www.ganymed.ethz.ch/ssh2/ Medium Product pom groupid ch.ethz.ganymed Low Product file name ganymed-ssh2-build210 High Version pom version build210 Highest
maven: ch.ethz.ganymed:ganymed-ssh2:build210 Confidence: Highest

maven-scm-provider-cvsjava-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-cvsjava/1.0/maven-scm-provider-cvsjava-1.0.jar
MD5: 0c2297a4e6dea48ff1a7149f366c753c
SHA1: 30da1cd389c8cc8dacc55b5c0393cc88510868d0
SHA256: 39a4fea7d80966f446be883cacd824c03280706e3ce57981cc0003f1058cb1fa
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor jar package name maven Low Vendor jar package name apache Low Vendor pom name Maven SCM CVS Provider - CVS Java Impl. High Vendor file name maven-scm-provider-cvsjava High Vendor pom artifactid maven-scm-provider-cvsjava Low Vendor pom parent-artifactid maven-scm-providers-cvs Low Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product jar package name maven Low Product pom artifactid maven-scm-provider-cvsjava Highest Product pom parent-artifactid maven-scm-providers-cvs Medium Product pom name Maven SCM CVS Provider - CVS Java Impl. High Product file name maven-scm-provider-cvsjava High Product pom groupid apache.maven.scm Low Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-cvsjava:1.0 Confidence: Highest

maven-scm-provider-hg-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-hg/1.0/maven-scm-provider-hg-1.0.jar
MD5: dbc2591642d096b1e6708e9050ef6980
SHA1: 65be347b1e595e8569bb69e762b53eb5cf972cf0
SHA256: e15a6fcd13b077d9f7cee50647b54a6430c2930dc6b97f42832f0a2a7f45bf6b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor pom name Maven SCM Mercurial (Hg) Provider High Vendor jar package name maven Low Vendor pom parent-artifactid maven-scm-providers Low Vendor jar package name apache Low Vendor pom artifactid maven-scm-provider-hg Low Vendor file name maven-scm-provider-hg High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product pom artifactid maven-scm-provider-hg Highest Product jar package name scm Low Product pom name Maven SCM Mercurial (Hg) Provider High Product jar package name maven Low Product pom parent-artifactid maven-scm-providers Medium Product pom groupid apache.maven.scm Low Product file name maven-scm-provider-hg High Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-hg:1.0 Confidence: Highest

maven-scm-provider-perforce-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-perforce/1.0/maven-scm-provider-perforce-1.0.jar
MD5: 932c412e13615873f47ddcfb43c3cd83
SHA1: 8d4e631f11688a102ed6905e08e66a536ff7fedc
SHA256: 2d05bd2e9273eaebf98e2984f66608546520e57b211da399aa2e718a8df59283
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor pom artifactid maven-scm-provider-perforce Low Vendor jar package name scm Low Vendor jar package name maven Low Vendor pom parent-artifactid maven-scm-providers Low Vendor jar package name apache Low Vendor pom name Maven SCM Perforce Provider High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor file name maven-scm-provider-perforce High Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product jar package name maven Low Product pom parent-artifactid maven-scm-providers Medium Product pom groupid apache.maven.scm Low Product pom name Maven SCM Perforce Provider High Product pom artifactid maven-scm-provider-perforce Highest Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Product file name maven-scm-provider-perforce High Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-perforce:1.0 Confidence: Highest

maven-scm-provider-starteam-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-starteam/1.0/maven-scm-provider-starteam-1.0.jar
MD5: ccd5be49cc58ee6c699f185530219fee
SHA1: 4cd940529154e36386ddeab9ebd365eafd130c7f
SHA256: 699dcdf0ed2ee84c22372d780b9b6bc6df94c95668d968783c6ea525675fb445
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor file name maven-scm-provider-starteam High Vendor pom name Maven SCM Starteam Provider High Vendor jar package name maven Low Vendor pom parent-artifactid maven-scm-providers Low Vendor jar package name apache Low Vendor pom artifactid maven-scm-provider-starteam Low Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product file name maven-scm-provider-starteam High Product pom name Maven SCM Starteam Provider High Product jar package name maven Low Product pom parent-artifactid maven-scm-providers Medium Product pom groupid apache.maven.scm Low Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Product pom artifactid maven-scm-provider-starteam Highest Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-starteam:1.0 Confidence: Highest

maven-scm-provider-svnexe-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-svnexe/1.0/maven-scm-provider-svnexe-1.0.jar
MD5: 962c8d753de818c1ebcc643bf585a88a
SHA1: 3ea987bb241773454acf4c5738e5250757e2dcda
SHA256: 6a45753fbaae26435aae5fbf2b4c31bbd65b49dc0f7e8ef39b50a7717f471bc8
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor jar package name maven Low Vendor pom name Maven SCM Subversion Provider - SVN Executable Impl. High Vendor jar package name apache Low Vendor file name maven-scm-provider-svnexe High Vendor pom parent-artifactid maven-scm-providers-svn Low Vendor pom artifactid maven-scm-provider-svnexe Low Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product pom parent-artifactid maven-scm-providers-svn Medium Product jar package name maven Low Product pom name Maven SCM Subversion Provider - SVN Executable Impl. High Product pom artifactid maven-scm-provider-svnexe Highest Product pom groupid apache.maven.scm Low Product file name maven-scm-provider-svnexe High Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-svnexe:1.0 Confidence: Highest

maven-scm-provider-synergy-1.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/scm/maven-scm-provider-synergy/1.0/maven-scm-provider-synergy-1.0.jar
MD5: a7fb33175376ba79f699d290f0257edb
SHA1: 6df31f97dfcde65c8dfea7fd5149dea2ee1ebd04
SHA256: b2aa4455b73aabfe1c428d03bd640e1785a30dbd583c5c60711a390902d5029e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.maven.scm Highest Vendor jar package name scm Low Vendor pom name Maven SCM Synergy Provider High Vendor jar package name maven Low Vendor pom parent-artifactid maven-scm-providers Low Vendor jar package name apache Low Vendor pom artifactid maven-scm-provider-synergy Low Vendor file name maven-scm-provider-synergy High Vendor pom parent-groupid org.apache.maven.scm Medium Vendor pom groupid apache.maven.scm Highest Product jar package name scm Low Product pom name Maven SCM Synergy Provider High Product jar package name maven Low Product pom parent-artifactid maven-scm-providers Medium Product pom groupid apache.maven.scm Low Product file name maven-scm-provider-synergy High Product pom parent-groupid org.apache.maven.scm Low Product jar package name provider Low Product pom artifactid maven-scm-provider-synergy Highest Version file version 1.0 Highest Version pom version 1.0 Highest
maven: org.apache.maven.scm:maven-scm-provider-synergy:1.0 Confidence: Highest

jdom-1.0.jar
File Path: /Users/Kevin/.m2/repository/jdom/jdom/1.0/jdom-1.0.jar
MD5: 0b8f97de82fc9529b1028a77125ce4f8
SHA1: a2ac1cd690ab4c80defe7f9bce14d35934c35cec
SHA256: 3b23bc3979aec14a952a12aafc483010dc57579775f2ffcacef5256a90eeda02
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor manifest: org/jdom/output/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/filter/ Implementation-Vendor jdom.org Medium Vendor file name jdom High Vendor manifest: org/jdom/transform/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/input/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/xpath/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/adapters/ Implementation-Vendor jdom.org Medium Vendor manifest: org/jdom/ Implementation-Vendor jdom.org Medium Vendor pom artifactid jdom Low Vendor pom groupid jdom Highest Product manifest: org/jdom/xpath/ Implementation-Title org.jdom.xpath Medium Product file name jdom High Product pom groupid jdom Low Product pom artifactid jdom Highest Product manifest: org/jdom/adapters/ Specification-Title JDOM Adapter Classes Medium Product manifest: org/jdom/output/ Specification-Title JDOM Output Classes Medium Product manifest: org/jdom/filter/ Implementation-Title org.jdom.filter Medium Product manifest: org/jdom/transform/ Specification-Title JDOM Transformation Classes Medium Product manifest: org/jdom/adapters/ Implementation-Title org.jdom.adapters Medium Product manifest: org/jdom/transform/ Implementation-Title org.jdom.transform Medium Product manifest: org/jdom/ Specification-Title JDOM Classes Medium Product manifest: org/jdom/ Implementation-Title org.jdom Medium Product manifest: org/jdom/input/ Specification-Title JDOM Input Classes Medium Product manifest: org/jdom/input/ Implementation-Title org.jdom.input Medium Product manifest: org/jdom/xpath/ Specification-Title JDOM XPath Classes Medium Product manifest: org/jdom/output/ Implementation-Title org.jdom.output Medium Product manifest: org/jdom/filter/ Specification-Title JDOM Filter Classes Medium Version file version 1.0 Highest Version pom version 1.0 Highest
maven: jdom:jdom:1.0 Confidence: Highest

jaxen-1.1-beta-8.jar
Description: Jaxen is a universal Java XPath engine.
File Path: /Users/Kevin/.m2/repository/jaxen/jaxen/1.1-beta-8/jaxen-1.1-beta-8.jar
MD5: f02f59d819544e8e6299b7010e98cc40
SHA1: b0bbd0cc28b4ec88b58d304896f7be7598e1c909
SHA256: b07b476859e37066ef04fcd98ef874bcbf5896c048ec99787e77aa15cc07e073
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Codehaus High Vendor pom name jaxen High Vendor pom organization name Codehaus High Vendor pom groupid jaxen Highest Vendor pom artifactid jaxen Low Vendor file name jaxen High Vendor pom description Jaxen is a universal Java XPath engine. Medium Vendor Manifest extension-name jaxen Medium Vendor pom url http://jaxen.codehaus.org/ Highest Vendor pom organization url http://www.codehaus.org Medium Vendor Manifest specification-vendor Codehaus Low Product pom name jaxen High Product Manifest Implementation-Title org.jaxen High Product file name jaxen High Product pom description Jaxen is a universal Java XPath engine. Medium Product pom url http://jaxen.codehaus.org/ Medium Product Manifest extension-name jaxen Medium Product pom organization name Codehaus Low Product Manifest specification-title Universal Java XPath Engine Medium Product pom organization url http://www.codehaus.org Low Product pom artifactid jaxen Highest Product pom groupid jaxen Low Version Manifest Implementation-Version 1.1-beta-8 High Version pom version 1.1-beta-8 Highest
maven: jaxen:jaxen:1.1-beta-8 Confidence: Highest

maven-release-manager-1.0-alpha-3.jar
File Path: /Users/Kevin/.m2/repository/org/apache/maven/release/maven-release-manager/1.0-alpha-3/maven-release-manager-1.0-alpha-3.jar
MD5: 8ccc6fdf4a3ba9b10b728e888605f0ee
SHA1: c1be3e419bd582928604fd553027bbd4b6b0c23e
SHA256: 47bc0432a05253b8e81dba460cb3d8dfdf7d3077f7daa1e32367f50adee9cc6c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid maven-release Low Vendor jar package name maven Low Vendor jar package name apache Low Vendor file name maven-release-manager High Vendor jar package name shared Low Vendor pom groupid org.apache.maven.release Highest Vendor pom parent-groupid org.apache.maven.release Medium Vendor pom groupid apache.maven.release Highest Vendor pom name Maven Shared Release Manager High Vendor pom artifactid maven-release-manager Low Product pom artifactid maven-release-manager Highest Product jar package name maven Low Product file name maven-release-manager High Product jar package name shared Low Product pom parent-groupid org.apache.maven.release Low Product pom name Maven Shared Release Manager High Product pom parent-artifactid maven-release Medium Product jar package name release Low Product pom groupid apache.maven.release Low Version pom version 1.0-alpha-3 Highest Version file name maven-release-manager Medium Version pom parent-version 1.0-alpha-3 Low Version file version 1.0.alpha Highest
maven: org.apache.maven.release:maven-release-manager:1.0-alpha-3 Confidence: Highest

slf4j-api-1.5.6.jar
Description: The slf4j API
File Path: /Users/Kevin/.m2/repository/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.jar
MD5: ca55c6dae5d0f9a8a829720408918586
SHA1: ec9b7142625dfa1dcaf22db99ecb7c555ffa714d
SHA256: b96864a2ad8c005d62351a500d72d2545b3bcb3e30564a64b0c467c935de8303
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor pom artifactid slf4j-api Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor manifest Bundle-Description The slf4j API Medium Vendor pom parent-groupid org.slf4j Medium Vendor pom name SLF4J API Module High Vendor pom groupid slf4j Highest Vendor pom parent-artifactid slf4j-parent Low Vendor pom description The slf4j API Medium Vendor pom groupid org.slf4j Highest Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product pom groupid slf4j Low Product file name slf4j-api High Product pom url http://www.slf4j.org Medium Product pom parent-groupid org.slf4j Low Product pom artifactid slf4j-api Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product manifest Bundle-Description The slf4j API Medium Product pom name SLF4J API Module High Product pom description The slf4j API Medium Product Manifest Bundle-Name slf4j-api Medium Product pom parent-artifactid slf4j-parent Medium Product Manifest bundle-symbolicname slf4j.api Medium Version pom version 1.5.6 Highest Version Manifest Implementation-Version 1.5.6 High Version file version 1.5.6 Highest
maven: org.slf4j:slf4j-api:1.5.6 Confidence: Highest
cpe: cpe:/a:slf4j:slf4j:1.5.6 Confidence: Low

jsr250-api-1.0.jar
Description: JSR-250 Reference Implementation by Glassfish
License: COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /Users/Kevin/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
MD5: 4cd56b2e4977e541186de69f5126b4a6
SHA1: 5025422767732a1ab45d93abfea846513d742dcf
SHA256: a1a922d0d9b6d183ed3800dfac01d1e1eb159f0e8c6f94736931c1def54a941f
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor jar package name annotation Low Vendor jar package name javax Low Vendor pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Highest Vendor pom name JSR-250 Common Annotations for the JavaTM Platform High Vendor pom artifactid jsr250-api Low Vendor pom groupid javax.annotation Highest Vendor file name jsr250-api High Vendor pom description JSR-250 Reference Implementation by Glassfish Medium Product pom groupid javax.annotation Low Product jar package name annotation Low Product pom artifactid jsr250-api Highest Product pom url http://jcp.org/aboutJava/communityprocess/final/jsr250/index.html Medium Product pom name JSR-250 Common Annotations for the JavaTM Platform High Product file name jsr250-api High Product pom description JSR-250 Reference Implementation by Glassfish Medium Version file version 1.0 Highest Version pom version 1.0 Highest
maven: javax.annotation:jsr250-api:1.0 Confidence: Highest

continuum-buildagent-core-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-buildagent-core/1.3.2/continuum-buildagent-core-1.3.2.jar
MD5: 2aa60763500b161a291c0582c509c781
SHA1: 9bd9b0b3c488a33a7501eea4b1850d8fe31f452a
SHA256: 22efdf61cebc17fc79ae1e2bcf4de505cbbad6d9ea2cebb874678fbfa740b6a6
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid continuum-buildagent-core Low Vendor file name continuum-buildagent-core High Vendor Manifest Implementation-Vendor-Id org.apache.continuum Medium Vendor pom name Continuum :: Distributed Build :: Build Agent :: Core High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest svn-revision 756893 Low Vendor pom groupid apache.continuum Highest Vendor pom parent-artifactid continuum-buildagent Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.continuum Highest Vendor pom parent-groupid org.apache.continuum Medium Product pom groupid apache.continuum Low Product Manifest specification-title Continuum :: Distributed Build :: Build Agent :: Core Medium Product file name continuum-buildagent-core High Product pom parent-artifactid continuum-buildagent Medium Product pom name Continuum :: Distributed Build :: Build Agent :: Core High Product Manifest svn-revision 756893 Low Product pom artifactid continuum-buildagent-core Highest Product Manifest Implementation-Title Continuum :: Distributed Build :: Build Agent :: Core High Product pom parent-groupid org.apache.continuum Low Version pom version 1.3.2 Highest Version Manifest Implementation-Version 1.3.2 High Version file version 1.3.2 Highest
Related Dependencies
continuum-distributed-master-api-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-distributed-master-api/1.3.2/continuum-distributed-master-api-1.3.2.jar
MD5: e6e52380ffc01f75e668d4f542b36cd3
SHA1: 48010ef4763c13d934800e83531ad69525131ab9
SHA256: 6e4273505b9ed1cd360ec641bfe37f932035e153a36c9202ec83829300d4031a
continuum-scm-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-scm/1.3.2/continuum-scm-1.3.2.jar
MD5: 8ecd832b2f99d5c6bc1a0a284847c76c
SHA1: 1a8dfdda608d75e63f697ad20c74f382400594f1
SHA256: 1b9ded71296bc7c0aea72e881b8acc24a8e5f4dbcb87709dab16d1c0f014220f
continuum-release-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-release/1.3.2/continuum-release-1.3.2.jar
MD5: 4657ebcb192613f929a2bcd387cad467
SHA1: 42d572df5a922cbf4e42044f5c60ab88d65de4a6
SHA256: 2531abcb4071bff89373be0804e76139e115b93a8034cfcd1b65bca78e2579a2
continuum-buildagent-api-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-buildagent-api/1.3.2/continuum-buildagent-api-1.3.2.jar
MD5: a0b49401a93ccc1c9215ccdf57e5c233
SHA1: 685312669e859ee1c1eefba223be04d317b83acc
SHA256: 7e05d49466303e06a0a7d75c50fce3623286d4776003c6e414f2b4ef0b606542
continuum-distributed-master-client-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-distributed-master-client/1.3.2/continuum-distributed-master-client-1.3.2.jar
MD5: 79848d475286d2426d153eec7bedb179
SHA1: 5e00793126cc246fbbb47edf5b82e2d630d26e48
SHA256: 26fd73b450d8398a565101903942ee361ba9828ab8e95142775785b1c493eb1b
continuum-api-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-api/1.3.2/continuum-api-1.3.2.jar
MD5: 524c688ff5d727ef9fd702b3bb7f11dd
SHA1: e05fa901ad205874275fff2145717b011ba58ef9
SHA256: b7d907a20ad379fcf682a0ab892fc5146deaf5745dcce92ef3a964b8ba93ab2c
continuum-model-1.3.2.jar
File Path: /Users/Kevin/.m2/repository/org/apache/continuum/continuum-model/1.3.2/continuum-model-1.3.2.jar
MD5: cdcec7e492cd1144859055f3986ca5c8
SHA1: 9929da3523fc974daf8f41b64867fba109c7bce0
SHA256: 0da2e9384a7753e74511db8cb2a2a6e317f63bb94c9763962ad42bc14aa38508

maven: org.apache.continuum:continuum-buildagent-core:1.3.2 Confidence: Highest
cpe: cpe:/a:apache:continuum:1.3.2 Confidence: Low

lz4-1.1.2.jar
Description: Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/net/jpountz/lz4/lz4/1.1.2/lz4-1.1.2.jar
MD5: 3ba70aef4e8a60aa60c8d1f00c8ea357
SHA1: b9bf619cffac8585ec1877ebf876ec68c85fc980
SHA256: 9879a63b4f952f5db1bc322eb99f872a36df7fbc24b56469caa4b234fbba4160
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm Medium Vendor jar package name jpountz Low Vendor pom artifactid lz4 Low Vendor jar package name net Low Vendor pom groupid net.jpountz.lz4 Highest Vendor pom url jpountz/lz4-java Highest Vendor jar package name lz4 Low Vendor file name lz4 High Vendor pom name LZ4 and xxHash High Product pom description Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm Medium Product jar package name jpountz Low Product pom url jpountz/lz4-java High Product pom artifactid lz4 Highest Product jar package name lz4 Low Product file name lz4 High Product pom groupid net.jpountz.lz4 Low Product pom name LZ4 and xxHash High Version file version 1.1.2 Highest Version pom version 1.1.2 Highest
maven: net.jpountz.lz4:lz4:1.1.2 Confidence: Highest

asm-3.3.jar
File Path: /Users/Kevin/.m2/repository/asm/asm/3.3/asm-3.3.jar
MD5: 968575ef15e4024d205fa6ecddec67a9
SHA1: fb0f302a91a376fd5cfe23167c419375e8fc9b8f
SHA256: 07e685c385c652a3d2c4a08312004f653ba508e325d70ff3d9e8687d1ac6a8da
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid asm Low Vendor file name asm High Vendor pom name ASM Core High Vendor pom groupid asm Highest Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor pom parent-artifactid asm-parent Low Product Manifest Implementation-Title ASM High Product file name asm High Product pom name ASM Core High Product pom parent-artifactid asm-parent Medium Product pom artifactid asm Highest Product pom groupid asm Low Version file version 3.3 Highest Version Manifest Implementation-Version 3.3 High Version pom version 3.3 Highest
maven: asm:asm:3.3 Confidence: Highest

asm-tree-3.3.jar
File Path: /Users/Kevin/.m2/repository/asm/asm-tree/3.3/asm-tree-3.3.jar
MD5: 3eeafc985d3ca624abf2d3ad549180d0
SHA1: 33c13070f194e1f0385877ec9306a24e983b00e3
SHA256: d0d8a92d855a015db402675af123c8f39010501ba1d34a5072301ce6caf137ea
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name asm-tree High Vendor pom groupid asm Highest Vendor pom name ASM Tree High Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor pom artifactid asm-tree Low Vendor pom parent-artifactid asm-parent Low Product file name asm-tree High Product Manifest Implementation-Title ASM Tree class visitor High Product pom artifactid asm-tree Highest Product pom parent-artifactid asm-parent Medium Product pom name ASM Tree High Product pom groupid asm Low Version file version 3.3 Highest Version Manifest Implementation-Version 3.3 High Version pom version 3.3 Highest
maven: asm:asm-tree:3.3 Confidence: Highest

asm-commons-3.3.jar
File Path: /Users/Kevin/.m2/repository/asm/asm-commons/3.3/asm-commons-3.3.jar
MD5: 47d6178194c38fc70d4e27db08ae5d10
SHA1: 3630d2095238beee3f94670af3d9a9dc115ce887
SHA256: 1cc6e5bcfab550397289875ac133d86562d4ec2f3875afa7c5c033d1f0ee96af
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid asm Highest Vendor pom artifactid asm-commons Low Vendor pom name ASM Commons High Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor file name asm-commons High Vendor pom parent-artifactid asm-parent Low Product pom artifactid asm-commons Highest Product Manifest Implementation-Title ASM commons High Product pom parent-artifactid asm-parent Medium Product pom groupid asm Low Product pom name ASM Commons High Product file name asm-commons High Version file version 3.3 Highest Version Manifest Implementation-Version 3.3 High Version pom version 3.3 Highest
maven: asm:asm-commons:3.3 Confidence: Highest

xwork-core-2.3.24.jar
Description: Apache Struts 2
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/struts/xwork/xwork-core/2.3.24/xwork-core-2.3.24.jar
MD5: bf93d0ee8ed38a7353ba1ca0c15e20b5
SHA1: 2494f67f3e7f91e06a48e739b772e8dd283bb52e
SHA256: fa9a0cae06a735123459ad9df26463dc12658788eb35db19b0434dad9f826db6
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.struts.xwork Highest Vendor pom groupid org.apache.struts.xwork Highest Vendor pom parent-groupid org.apache.struts Medium Vendor file name xwork-core High Vendor pom parent-artifactid struts2-parent Low Vendor Manifest Implementation-Vendor-Id org.apache.struts.xwork Medium Vendor manifest Bundle-Description Apache Struts 2 Medium Vendor pom name XWork: Core High Vendor pom artifactid xwork-core Low Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest bundle-symbolicname org.apache.struts.xwork.core Medium Vendor Manifest specification-vendor Apache Software Foundation Low Vendor Manifest bundle-docurl http://www.apache.org Low Product pom artifactid xwork-core Highest Product Manifest Bundle-Name XWork: Core Medium Product file name xwork-core High Product Manifest Implementation-Title XWork: Core High Product pom parent-artifactid struts2-parent Medium Product manifest Bundle-Description Apache Struts 2 Medium Product pom name XWork: Core High Product Manifest specification-title XWork: Core Medium Product pom groupid apache.struts.xwork Low Product Manifest bundle-symbolicname org.apache.struts.xwork.core Medium Product pom parent-groupid org.apache.struts Low Product Manifest bundle-docurl http://www.apache.org Low Version Manifest Implementation-Version 2.3.24 High Version file version 2.3.24 Highest Version pom version 2.3.24 Highest
maven: org.apache.struts.xwork:xwork-core:2.3.24 Confidence: Highest

freemarker-2.3.22.jar
Description:
FreeMarker is a "template engine"; a generic tool to generate text output based on templates.
License:
Apache License, Version 2.0: http://freemarker.org/LICENSE.txt
File Path: /Users/Kevin/.m2/repository/org/freemarker/freemarker/2.3.22/freemarker-2.3.22.jar
MD5: 51cca65040c41326e9b6b2806aba23ff
SHA1: 473d784b3cd2dcb6d49a287ded0542b7862c7d68
SHA256: 58502c0e47066cfde399d52aa5d81f83f990bbb43b044414969119c25c1a9c6f
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | FreeMarker | High
Vendor | Manifest | Implementation-Vendor | freemarker.org | High
Vendor | Manifest | dstamp | 20150228 | Low
Vendor | pom | url | http://freemarker.org/ | Highest
Vendor | Manifest | extension-name | FreeMarker | Medium
Vendor | Manifest | bundle-symbolicname | org.freemarker.freemarker | Medium
Vendor | pom | artifactid | freemarker | Low
Vendor | Manifest | tstamp | 2233 | Low
Vendor | Manifest | specification-vendor | freemarker.org | Low
Vendor | pom | description | FreeMarker is a "template engine"; a generic tool to generate text output based on templates. | Low
Vendor | Manifest | today | February 28 2015 | Low
Vendor | pom | groupid | org.freemarker | Highest
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5, J2SE-1.4 | Low
Vendor | pom | groupid | freemarker | Highest
Vendor | file | name | freemarker | High
Product | pom | name | FreeMarker | High
Product | pom | artifactid | freemarker | Highest
Product | Manifest | Bundle-Name | org.freemarker.freemarker | Medium
Product | pom | groupid | freemarker | Low
Product | Manifest | dstamp | 20150228 | Low
Product | Manifest | extension-name | FreeMarker | Medium
Product | Manifest | bundle-symbolicname | org.freemarker.freemarker | Medium
Product | Manifest | Implementation-Title | FreeMarker | High
Product | Manifest | tstamp | 2233 | Low
Product | Manifest | specification-title | FreeMarker | Medium
Product | pom | description | FreeMarker is a "template engine"; a generic tool to generate text output based on templates. | Low
Product | Manifest | today | February 28 2015 | Low
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5, J2SE-1.4 | Low
Product | file | name | freemarker | High
Product | pom | url | http://freemarker.org/ | Medium
Version | pom | version | 2.3.22 | Highest
Version | Manifest | Implementation-Version | 2.3.22 | High
Version | file | version | 2.3.22 | Highest
maven: org.freemarker:freemarker:2.3.22 Confidence: Highest

javassist-3.11.0.GA.jar
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
File Path: /Users/Kevin/.m2/repository/javassist/javassist/3.11.0.GA/javassist-3.11.0.GA.jar
MD5: cb8f91e65864b85c8c6f87164e3252a5
SHA1: 2c00105734a57e9ee4f27e4b17cd43200e5f0ff8
SHA256: aa8c27fc46be68c58c25eab15bf3073587945e009455385da78439dea684ef58
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | specification-vendor | Shigeru Chiba, Tokyo Institute of Technology | Low
Vendor | pom | artifactid | javassist | Low
Vendor | pom | groupid | javassist | Highest
Vendor | pom | description | Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. | Low
Vendor | pom | name | Javassist | High
Vendor | file | name | javassist | High
Vendor | pom | url | http://www.javassist.org/ | Highest
Product | pom | description | Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java. | Low
Product | pom | url | http://www.javassist.org/ | Medium
Product | pom | name | Javassist | High
Product | file | name | javassist | High
Product | Manifest | specification-title | Javassist | Medium
Product | pom | artifactid | javassist | Highest
Product | pom | groupid | javassist | Low
Version | pom | version | 3.11.0.GA | Highest
Version | file | version | 3.11.0 | Highest
maven: javassist:javassist:3.11.0.GA Confidence: Highest

ognl-3.0.6.jar
Description:
OGNL - Object Graph Navigation Library
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/ognl/ognl/3.0.6/ognl-3.0.6.jar
MD5: 2a8fb06b52574e498ed256b8fc64055e
SHA1: a3665cf8e3426686ee751790f3d1e1ec5705e9dc
SHA256: 3e9c7968f61371bb231df316123e6740944f72b59675843574c2f42d5e9f33cb
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | ognl | Highest
Vendor | pom | artifactid | ognl | Low
Vendor | pom | organization url | http://www.opensymphony.com | Medium
Vendor | pom | name | OGNL - Object Graph Navigation Library | High
Vendor | pom | organization name | OpenSymphony | High
Vendor | pom | description | OGNL - Object Graph Navigation Library | Medium
Vendor | pom | url | http://ognl.org | Highest
Vendor | jar | package name | ognl | Low
Vendor | file | name | ognl | High
Product | pom | organization url | http://www.opensymphony.com | Low
Product | pom | url | http://ognl.org | Medium
Product | pom | organization name | OpenSymphony | Low
Product | pom | name | OGNL - Object Graph Navigation Library | High
Product | pom | description | OGNL - Object Graph Navigation Library | Medium
Product | pom | artifactid | ognl | Highest
Product | pom | groupid | ognl | Low
Product | file | name | ognl | High
Version | file | version | 3.0.6 | Highest
Version | pom | version | 3.0.6 | Highest
cpe: cpe:/a:ognl_project:ognl:3.0.6 Confidence: Low
maven: ognl:ognl:3.0.6 Confidence: Highest
Published Vulnerabilities
CVE-2016-3093
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

commons-fileupload-1.3.1.jar
Description:
The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart
file upload functionality to servlets and web applications.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-fileupload/commons-fileupload/1.3.1/commons-fileupload-1.3.1.jar
MD5: ed8eec445e21ec7e49b86bf3cbcffcbc
SHA1: c621b54583719ac0310404463d6d99db27e1052c
SHA256: f4ae31866d62f91054fb3dfd0696efd08705e5e8ccd657b01b460a80044be532
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://commons.apache.org/proper/commons-fileupload/ | Low
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | pom | artifactid | commons-fileupload | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | Manifest | implementation-build | trunk@r1565338; 2014-02-06 17:03:20+0000 | Low
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | file | name | commons-fileupload | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | bundle-symbolicname | org.apache.commons.fileupload | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | manifest | Bundle-Description | The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. | Low
Vendor | pom | groupid | commons-fileupload | Highest
Vendor | pom | name | Apache Commons FileUpload | High
Vendor | pom | description | The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. | Low
Vendor | pom | url | http://commons.apache.org/proper/commons-fileupload/ | Highest
Product | Manifest | bundle-docurl | http://commons.apache.org/proper/commons-fileupload/ | Low
Product | Manifest | Implementation-Title | Apache Commons FileUpload | High
Product | pom | url | http://commons.apache.org/proper/commons-fileupload/ | Medium
Product | Manifest | implementation-build | trunk@r1565338; 2014-02-06 17:03:20+0000 | Low
Product | file | name | commons-fileupload | High
Product | Manifest | bundle-symbolicname | org.apache.commons.fileupload | Medium
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | artifactid | commons-fileupload | Highest
Product | pom | groupid | commons-fileupload | Low
Product | Manifest | specification-title | Apache Commons FileUpload | Medium
Product | manifest | Bundle-Description | The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. | Low
Product | pom | name | Apache Commons FileUpload | High
Product | pom | description | The Apache Commons FileUpload component provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. | Low
Product | Manifest | Bundle-Name | Apache Commons FileUpload | Medium
Version | Manifest | Implementation-Version | 1.3.1 | High
Version | file | version | 1.3.1 | Highest
Version | pom | version | 1.3.1 | Highest
Published Vulnerabilities
CVE-2016-1000031
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution

CVE-2016-3092
Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-20 Improper Input Validation
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.

commons-io-2.2.jar
Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-io/commons-io/2.2/commons-io-2.2.jar
MD5: 6ad49e3e16c2342e9ee9599ce04775e6
SHA1: 83b5b8a7ba1c08f9e8c8ff2373724e33d3c1e22a
SHA256: 675f60bd11a82d481736591fe4054c66471fa5463d45616652fd71585792ba87
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Vendor | pom | artifactid | commons-io | Low
Vendor | file | name | commons-io | High
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | Manifest | bundle-docurl | http://commons.apache.org/io/ | Low
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | manifest | Bundle-Description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Vendor | pom | groupid | commons-io | Highest
Vendor | pom | url | http://commons.apache.org/io/ | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | implementation-build | tags/2.2-RC4@r1305376; 2012-03-26 10:58:33-0400 | Low
Vendor | Manifest | bundle-symbolicname | org.apache.commons.io | Medium
Vendor | pom | name | Commons IO | High
Product | pom | description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Product | file | name | commons-io | High
Product | Manifest | Bundle-Name | Commons IO | Medium
Product | Manifest | bundle-docurl | http://commons.apache.org/io/ | Low
Product | pom | url | http://commons.apache.org/io/ | Medium
Product | manifest | Bundle-Description | The Commons IO library contains utility classes, stream implementations, file filters, file comparators, endian transformation classes, and much more. | Low
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | groupid | commons-io | Low
Product | Manifest | implementation-build | tags/2.2-RC4@r1305376; 2012-03-26 10:58:33-0400 | Low
Product | Manifest | bundle-symbolicname | org.apache.commons.io | Medium
Product | pom | artifactid | commons-io | Highest
Product | pom | name | Commons IO | High
Product | Manifest | Implementation-Title | Commons IO | High
Product | Manifest | specification-title | Commons IO | Medium
Version | pom | version | 2.2 | Highest
Version | Manifest | Implementation-Version | 2.2 | High
Version | file | version | 2.2 | Highest
maven: commons-io:commons-io:2.2 Confidence: Highest

struts2-core-2.3.24.jar
Description:
Apache Struts 2
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/struts/struts2-core/2.3.24/struts2-core-2.3.24.jar
MD5: f5c4aa120f74452cc8d3e2ba08c59208
SHA1: d1baacd603b0fa91217cb3552ae1577b18b5da27
SHA256: 432247b4b7f68ba33abdaf3db3000adcdc30997b20ef0f00e51813293829ab7d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.struts | Highest
Vendor | pom | parent-groupid | org.apache.struts | Medium
Vendor | pom | groupid | apache.struts | Highest
Vendor | pom | parent-artifactid | struts2-parent | Low
Vendor | pom | name | Struts 2 Core | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache.struts | Medium
Vendor | manifest | Bundle-Description | Apache Struts 2 | Medium
Vendor | pom | artifactid | struts2-core | Low
Vendor | file | name | struts2-core | High
Vendor | Manifest | bundle-symbolicname | org.apache.struts.2-core | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Vendor | Manifest | bundle-docurl | http://www.apache.org | Low
Product | pom | groupid | apache.struts | Low
Product | Manifest | Bundle-Name | Struts 2 Core | Medium
Product | Manifest | Implementation-Title | Struts 2 Core | High
Product | Manifest | specification-title | Struts 2 Core | Medium
Product | pom | name | Struts 2 Core | High
Product | pom | parent-artifactid | struts2-parent | Medium
Product | manifest | Bundle-Description | Apache Struts 2 | Medium
Product | file | name | struts2-core | High
Product | Manifest | bundle-symbolicname | org.apache.struts.2-core | Medium
Product | pom | parent-groupid | org.apache.struts | Low
Product | pom | artifactid | struts2-core | Highest
Product | Manifest | bundle-docurl | http://www.apache.org | Low
Version | Manifest | Implementation-Version | 2.3.24 | High
Version | file | version | 2.3.24 | Highest
Version | pom | version | 2.3.24 | Highest
Published Vulnerabilities
CVE-2015-5209
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.

CVE-2016-0785
Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.

CVE-2016-2162
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.

CVE-2016-3081
Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

CVE-2016-3082
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

CVE-2016-3087
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

CVE-2016-3093
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.

CVE-2016-4003
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.

CVE-2016-4430
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

CVE-2016-4431
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.

CVE-2016-4433
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

CVE-2016-4436
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

CVE-2016-4438
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

CVE-2016-4465
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.

CVE-2016-6795
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

CVE-2017-5638
Severity: High
CVSS Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVE-2017-9787
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33.

CVE-2017-9791
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

CVE-2017-9805
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

CVE-2018-11776
Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

CVE-2018-1327
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

commons-collections4-4.1.jar
Description:
The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/commons/commons-collections4/4.1/commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
SHA256: b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | apache.commons | Highest
Vendor | Manifest | bundle-docurl | http://commons.apache.org/proper/commons-collections/ | Low
Vendor | pom | url | http://commons.apache.org/proper/commons-collections/ | Highest
Vendor | Manifest | implementation-build | tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 | Low
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | Manifest | bundle-symbolicname | org.apache.commons.collections4 | Medium
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | manifest | Bundle-Description | The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | file | name | commons-collections4 | High
Vendor | pom | name | Apache Commons Collections | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | description | The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. | Low
Vendor | pom | artifactid | commons-collections4 | Low
Vendor | pom | groupid | org.apache.commons | Highest
Product | Manifest | specification-title | Apache Commons Collections | Medium
Product | pom | artifactid | commons-collections4 | Highest
Product | Manifest | bundle-docurl | http://commons.apache.org/proper/commons-collections/ | Low
Product | pom | url | http://commons.apache.org/proper/commons-collections/ | Medium
Product | Manifest | implementation-build | tags/COLLECTIONS_4_1_RC2@r1716550; 2015-11-25 22:53:13+0100 | Low
Product | Manifest | bundle-symbolicname | org.apache.commons.collections4 | Medium
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | manifest | Bundle-Description | The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. | Low
Product | file | name | commons-collections4 | High
Product | Manifest | Bundle-Name | Apache Commons Collections | Medium
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | name | Apache Commons Collections | High
Product | Manifest | Implementation-Title | Apache Commons Collections | High
Product | pom | groupid | apache.commons | Low
Product | pom | description | The Apache Commons Collections package contains types that extend and augment the Java Collections Framework. | Low
Version | Manifest | Implementation-Version | 4.1 | High
Version | pom | version | 4.1 | Highest
Version | file | version | 4.1 | Highest
maven: org.apache.commons:commons-collections4:4.1 Confidence: Highest
cpe: cpe:/a:apache:commons_collections:4.1 Confidence: Low

wicket-core-7.10.0.jar
Description:
Wicket is a Java web application framework that takes simplicity,
separation of concerns and ease of development to a whole new level.
Wicket pages can be mocked up, previewed and later revised using
standard WYSIWYG HTML design tools. Dynamic content processing and
form handling is all handled in Java code using a first-class
component model backed by POJO data beans that can easily be
persisted using your favorite technology.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/wicket/wicket-core/7.10.0/wicket-core-7.10.0.jar
MD5: f86b98c2b4c61cf1c344b9f294f08138
SHA1: ff61b2fb5a43947a9b94556d505bd708a663e003
SHA256: 873518141d218016338c67b18414706532d96486e91a96ff149b9c1d01ab5713
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.wicket | Highest
Vendor | manifest | Bundle-Description | Wicket is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology. | Low
Vendor | pom | parent-artifactid | wicket-parent | Low
Vendor | pom | groupid | apache.wicket | Highest
Vendor | Manifest | bundle-docurl | http://apache.org | Low
Vendor | pom | name | Wicket Core | High
Vendor | pom | artifactid | wicket-core | Low
Vendor | file | name | wicket-core | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache.wicket | Medium
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" | Low
Vendor | pom | description | Wicket is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology. | Low
Vendor | Manifest | bundle-symbolicname | org.apache.wicket.core | Medium
Vendor | pom | parent-groupid | org.apache.wicket | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Product | Manifest | specification-title | Wicket Core | Medium
Product | manifest | Bundle-Description | Wicket is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology. | Low
Product | pom | groupid | apache.wicket | Low
Product | Manifest | Bundle-Name | Wicket Core | Medium
Product | Manifest | bundle-docurl | http://apache.org | Low
Product | pom | name | Wicket Core | High
Product | pom | parent-groupid | org.apache.wicket | Low
Product | pom | parent-artifactid | wicket-parent | Medium
Product | file | name | wicket-core | High
Product | Manifest | Implementation-Title | Wicket Core | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" | Low
Product | pom | description | Wicket is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology. | Low
Product | pom | artifactid | wicket-core | Highest
Product | Manifest | bundle-symbolicname | org.apache.wicket.core | Medium
Version | pom | version | 7.10.0 | Highest
Version | Manifest | Implementation-Version | 7.10.0 | High
Version | file | version | 7.10.0 | Highest
Related Dependencies
wicket-request-7.10.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/wicket/wicket-request/7.10.0/wicket-request-7.10.0.jar
MD5: cfabd15aacff31678a322d383a8b5025
SHA1: 096564787471a9e5bee1ae50dfa98e91ba05b5a2
SHA256: 00b697e789c63d062c19219860af9cd8591cdd075225de5f67f89eedfda77694
wicket-util-7.10.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/wicket/wicket-util/7.10.0/wicket-util-7.10.0.jar
MD5: b12572d57d7097533a90d04bab96d58b
SHA1: bdf8f6a37e0c3fd0e986362a5a58dc0973e890b2
SHA256: fc3d3e9235719d1aae28a242ea9e09857c0c4fa4c0b43d878b600b2030fcfd9c
maven: org.apache.wicket:wicket-core:7.10.0 Confidence: Highest
cpe: cpe:/a:apache:wicket:7.10.0 Confidence: Low

findbugs-annotations-1.3.9-1.jar
Description:
A clean room implementation of the Findbugs Annotations based entirely on the specification provided
by the javadocs and at http://findbugs.sourceforge.net/manual/annotations.html.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/github/stephenc/findbugs/findbugs-annotations/1.3.9-1/findbugs-annotations-1.3.9-1.jar
MD5: 70fda5202eb9d9ce4f250f2c2ba71152
SHA1: a6b11447635d80757d64b355bed3c00786d86801
SHA256: 1e651066ed9ae35d7e3001d635d1dbba1c2965db0e4e33e2c14ad610543f225c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | findbugs-annotations | Low
Vendor | pom | groupid | github.stephenc.findbugs | Highest
Vendor | pom | description | A clean room implementation of the Findbugs Annotations based entirely on the specification provided by the javadocs and at http://findbugs.sourceforge.net/manual/annotations.html. | Low
Vendor | jar | package name | cs | Low
Vendor | pom | groupid | com.github.stephenc.findbugs | Highest
Vendor | jar | package name | edu | Low
Vendor | file | name | findbugs-annotations | High
Vendor | jar | package name | umd | Low
Vendor | pom | name | Findbugs Annotations under Apache License | High
Vendor | pom | url | http://stephenc.github.com/findbugs-annotations | Highest
Product | pom | description | A clean room implementation of the Findbugs Annotations based entirely on the specification provided by the javadocs and at http://findbugs.sourceforge.net/manual/annotations.html. | Low
Product | pom | url | http://stephenc.github.com/findbugs-annotations | Medium
Product | jar | package name | cs | Low
Product | pom | artifactid | findbugs-annotations | Highest
Product | jar | package name | findbugs | Low
Product | file | name | findbugs-annotations | High
Product | jar | package name | umd | Low
Product | pom | name | Findbugs Annotations under Apache License | High
Product | pom | groupid | github.stephenc.findbugs | Low
Version | pom | version | 1.3.9-1 | Highest
Version | file | version | 1.3.9.1 | Highest
maven: com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1 Confidence: Highest

jgroups-3.6.10.Final.jar
Description:
Reliable cluster communication toolkit
License:
Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/org/jgroups/jgroups/3.6.10.Final/jgroups-3.6.10.Final.jar
MD5: 54b56e09dd1583a0b07b113ddeeb3604
SHA1: fc0ff5a8a9de27ab62939956f705c2909bf86bc2
SHA256: 46ddfd9d0c0c75b5dab967bb81a97efbe14f5b629ae590a633a4e983f5ea67de
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom groupid org.jgroups Highest Vendor pom organization name JBoss, a division of Red Hat High Vendor pom name JGroups High Vendor pom url http://www.jgroups.org Highest Vendor file name jgroups High Vendor pom groupid jgroups Highest Vendor Manifest bundle-symbolicname org.jgroups Medium Vendor Manifest bundle-docurl http://www.jboss.org Low Vendor manifest Bundle-Description Ant/ivy based build.xml file for JGroups. Needs ant to run Medium Vendor pom description
Reliable cluster communication toolkit
Medium Vendor pom organization url http://www.jboss.org Medium Vendor pom artifactid jgroups Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product pom organization url http://www.jboss.org Low Product pom name JGroups High Product pom artifactid jgroups Highest Product pom groupid jgroups Low Product file name jgroups High Product Manifest Bundle-Name JGroups Medium Product Manifest bundle-symbolicname org.jgroups Medium Product Manifest bundle-docurl http://www.jboss.org Low Product manifest Bundle-Description Ant/ivy based build.xml file for JGroups. Needs ant to run Medium Product pom description
Reliable cluster communication toolkit
Medium Product pom organization name JBoss, a division of Red Hat Low Product pom url http://www.jgroups.org Medium Version file version 3.6.10 Highest Version pom version 3.6.10.Final Highest Version Manifest Implementation-Version 3.6.10.Final High
maven: org.jgroups:jgroups:3.6.10.Final Confidence: Highest

antlr-2.7.7.jar
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: /Users/Kevin/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256: 88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low Vendor pom groupid antlr Highest Vendor pom artifactid antlr Low Vendor pom url http://www.antlr.org/ Highest Vendor file name antlr High Vendor jar package name antlr Low Vendor pom name AntLR Parser Generator High Product pom description A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. Low Product file name antlr High Product pom name AntLR Parser Generator High Product pom url http://www.antlr.org/ Medium Product pom artifactid antlr Highest Product pom groupid antlr Low Version file version 2.7.7 Highest Version pom version 2.7.7 Highest
maven: antlr:antlr:2.7.7 Confidence: Highest

jackson-annotations-2.8.6.jar
Description:
Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.8.6/jackson-annotations-2.8.6.jar
MD5: 10b5d9fc0ab28d74ea1ef40988c7964d
SHA1: 9577018f9ce3636a2e1cb0a0c7fe915e5098ded5
SHA256: 92d7580f361174bda3e015c66adafa326aeb9ef7f4a99a895486cef0dae773f8
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid jackson-parent Low Vendor pom name Jackson-annotations High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor file name jackson-annotations High Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom artifactid jackson-annotations Low Vendor pom description Core annotations used for value types, used by Jackson data binding package.
Medium Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Vendor Manifest implementation-build-date 2017-01-12 04:31:32+0000 Low Vendor manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium Vendor pom groupid fasterxml.jackson.core Highest Product pom groupid fasterxml.jackson.core Low Product pom name Jackson-annotations High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom artifactid jackson-annotations Highest Product pom parent-artifactid jackson-parent Medium Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product file name jackson-annotations High Product pom url http://github.com/FasterXML/jackson Medium Product Manifest Bundle-Name Jackson-annotations Medium Product pom description Core annotations used for value types, used by Jackson data binding package.
Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-annotations Medium Product pom parent-groupid com.fasterxml.jackson Low Product Manifest implementation-build-date 2017-01-12 04:31:32+0000 Low Product manifest Bundle-Description Core annotations used for value types, used by Jackson data binding package. Medium Product Manifest specification-title Jackson-annotations Medium Product Manifest Implementation-Title Jackson-annotations High Version file version 2.8.6 Highest Version pom version 2.8.6 Highest Version Manifest Implementation-Version 2.8.6 High
cpe: cpe:/a:fasterxml:jackson:2.8.6 Confidence: Low
maven: com.fasterxml.jackson.core:jackson-annotations:2.8.6 Confidence: Highest

jackson-databind-2.8.6.jar
Description:
General data-binding functionality for Jackson: works on core streaming API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.6/jackson-databind-2.8.6.jar
MD5: b9bcc79b8b3883f627045b2da535e580
SHA1: c43de61f74ecc61322ef8f402837ba65b0aa2bf4
SHA256: 922413ca2ff5a8f1f86a2eaae8ff02219322ec6ff00d212e7973df8aac4bbaa3
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid jackson-parent Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Vendor manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium Vendor Manifest bundle-docurl http://github.com/FasterXML/jackson Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor file name jackson-databind High Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom artifactid jackson-databind Low Vendor Manifest implementation-build-date 2017-01-12 04:39:37+0000 Low Vendor pom url http://github.com/FasterXML/jackson Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom description General data-binding functionality for Jackson: works on core streaming API Medium Vendor pom groupid fasterxml.jackson.core Highest Vendor pom name jackson-databind High Product Manifest Implementation-Title jackson-databind High Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product pom groupid fasterxml.jackson.core Low Product pom artifactid jackson-databind Highest Product manifest Bundle-Description General data-binding functionality for Jackson: works on core streaming API Medium Product pom parent-artifactid jackson-parent Medium Product Manifest bundle-docurl http://github.com/FasterXML/jackson Low Product pom url http://github.com/FasterXML/jackson Medium Product file name jackson-databind High Product Manifest Bundle-Name jackson-databind Medium Product Manifest implementation-build-date 2017-01-12 04:39:37+0000 Low Product Manifest specification-title jackson-databind Medium Product Manifest require-capability 
osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom parent-groupid com.fasterxml.jackson Low Product pom description General data-binding functionality for Jackson: works on core streaming API Medium Product pom name jackson-databind High Version file version 2.8.6 Highest Version pom version 2.8.6 Highest Version Manifest Implementation-Version 2.8.6 High
maven: com.fasterxml.jackson.core:jackson-databind:2.8.6 Confidence: Highest
cpe: cpe:/a:fasterxml:jackson:2.8.6 Confidence: Low
cpe: cpe:/a:fasterxml:jackson-databind:2.8.6 Confidence: Highest

Published Vulnerabilities

CVE-2017-15095
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

CVE-2017-17485
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

CVE-2017-7525
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

CVE-2018-5968
Severity: Medium
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

CVE-2018-7489
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-184 Incomplete Blacklist
FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

commons-lang-2.6.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256: 50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/lang/ Low Vendor pom parent-artifactid commons-parent Low Vendor pom groupid commons-lang Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor file name commons-lang High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor pom url http://commons.apache.org/lang/ Highest Vendor pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-symbolicname org.apache.commons.lang Medium Vendor pom name Commons Lang High Vendor pom artifactid commons-lang Low Product Manifest bundle-docurl http://commons.apache.org/lang/ Low Product pom artifactid commons-lang Highest Product pom groupid commons-lang Low Product pom url http://commons.apache.org/lang/ Medium Product file name commons-lang High Product manifest Bundle-Description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom description Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. 
Low Product Manifest Bundle-Name Commons Lang Medium Product Manifest bundle-symbolicname org.apache.commons.lang Medium Product pom name Commons Lang High Product Manifest specification-title Commons Lang Medium Product Manifest Implementation-Title Commons Lang High Version pom version 2.6 Highest Version Manifest Implementation-Version 2.6 High Version file version 2.6 Highest
maven: commons-lang:commons-lang:2.6 Confidence: Highest

fastutil-7.1.0.jar
Description:
fastutil extends the Java Collections Framework by providing type-specific maps, sets, lists and priority queues with a small memory footprint and fast access and insertion; provides also big (64-bit) arrays, sets and lists, and fast, practical I/O classes for binary and text files.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/it/unimi/dsi/fastutil/7.1.0/fastutil-7.1.0.jar
MD5: 35fc1f3aaab7a782873be02319a53828
SHA1: 9835253257524c1be7ab50c057aa2d418fb72082
SHA256: c266701bd7a4a2c36285862c1e682ccb7b5cb5b380d0de9bb1b34becf9e1c065
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid it.unimi.dsi Highest Vendor pom name fastutil High Vendor pom description fastutil extends the Java Collections Framework by providing type-specific maps, sets, lists and priority queues with a small memory footprint and fast access and insertion; provides also big (64-bit) arrays, sets and lists, and fast, practical I/O classes for binary and text files. Low Vendor file name fastutil High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom url http://fasutil.di.unimi.it/ Highest Vendor Manifest bundle-symbolicname it.unimi.dsi.fastutil Medium Vendor pom artifactid fastutil Low Product pom name fastutil High Product pom description fastutil extends the Java Collections Framework by providing type-specific maps, sets, lists and priority queues with a small memory footprint and fast access and insertion; provides also big (64-bit) arrays, sets and lists, and fast, practical I/O classes for binary and text files. Low Product pom artifactid fastutil Highest Product file name fastutil High Product pom url http://fasutil.di.unimi.it/ Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom groupid it.unimi.dsi Low Product Manifest Bundle-Name it.unimi.dsi.fastutil Medium Product Manifest bundle-symbolicname it.unimi.dsi.fastutil Medium Version pom version 7.1.0 Highest Version file version 7.1.0 Highest
maven: it.unimi.dsi:fastutil:7.1.0 Confidence: Highest

javax.transaction-api-1.2.jar
Description:
Project GlassFish Java Transaction API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/Kevin/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
SHA256: 9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name javax.transaction-api High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor manifest Bundle-Description Java(TM) JTA 1.2 API Design Specification Medium Vendor pom organization name GlassFish Community High Vendor pom artifactid javax.transaction-api Low Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom groupid javax.transaction Highest Vendor pom url http://jta-spec.java.net Highest Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom name ${extension.name} API High Vendor Manifest extension-name javax.transaction Medium Vendor pom description Project GlassFish Java Transaction API Medium Vendor pom parent-artifactid jvnet-parent Low Vendor pom parent-groupid net.java Medium Vendor Manifest bundle-symbolicname javax.transaction-api Medium Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom organization url https://glassfish.java.net Medium Product file name javax.transaction-api High Product pom parent-groupid net.java Low Product manifest Bundle-Description Java(TM) JTA 1.2 API Design Specification Medium Product pom organization name GlassFish Community Low Product pom url http://jta-spec.java.net Medium Product pom artifactid javax.transaction-api Highest Product Manifest Bundle-Name javax.transaction API Medium Product pom name ${extension.name} API High Product pom groupid javax.transaction Low Product Manifest extension-name javax.transaction Medium Product pom description Project GlassFish Java Transaction API Medium Product pom parent-artifactid jvnet-parent Medium Product Manifest bundle-symbolicname javax.transaction-api Medium Product Manifest bundle-docurl https://glassfish.java.net Low Product pom organization url https://glassfish.java.net Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 Highest
maven: javax.transaction:javax.transaction-api:1.2 Confidence: Highest

javax.resource-api-1.7.jar
Description:
Java EE Connector Architecture API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/Kevin/.m2/repository/javax/resource/javax.resource-api/1.7/javax.resource-api-1.7.jar
MD5: 51129256d155d7352fc1f066d2cbc6dc
SHA1: ae40e0864eb1e92c48bf82a2a3399cbbf523fb79
SHA256: 216e0ac7018752122f3f44291aa816fc3a50504a79212a4397a194ad51308798
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest bundle-symbolicname javax.resource-api Medium Vendor pom organization name GlassFish Community High Vendor file name javax.resource-api High Vendor Manifest specification-vendor Oracle Corporation Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor pom artifactid javax.resource-api Low Vendor pom name ${extension.name} API High Vendor pom description Java EE Connector Architecture API Medium Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest extension-name javax.resource Medium Vendor pom parent-groupid net.java Medium Vendor manifest Bundle-Description Java(TM) EE Connector Architecture 1.7 API Design Specification Medium Vendor pom url http://connector-spec.java.net Highest Vendor pom groupid javax.resource Highest Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom organization url https://glassfish.java.net Medium Product pom parent-groupid net.java Low Product Manifest bundle-symbolicname javax.resource-api Medium Product file name javax.resource-api High Product pom groupid javax.resource Low Product pom organization name GlassFish Community Low Product pom artifactid javax.resource-api Highest Product pom name ${extension.name} API High Product pom description Java EE Connector Architecture API Medium Product Manifest Bundle-Name javax.resource API Medium Product pom parent-artifactid jvnet-parent Medium Product pom url http://connector-spec.java.net Medium Product Manifest extension-name javax.resource Medium Product manifest Bundle-Description Java(TM) EE Connector Architecture 1.7 API Design Specification Medium Product Manifest bundle-docurl https://glassfish.java.net Low Product pom organization url https://glassfish.java.net Low Version pom version 1.7 Highest Version Manifest Implementation-Version 1.7 High Version file version 1.7 Highest
maven: javax.resource:javax.resource-api:1.7 Confidence: Highest

jna-4.0.0.jar
Description:
Java Native Access
License:
LGPL, version 2.1: http://www.gnu.org/licenses/licenses.html
ASL, version 2: http://www.apache.org/licenses/
File Path: /Users/Kevin/.m2/repository/net/java/dev/jna/jna/4.0.0/jna-4.0.0.jar
MD5: a1e20e48a367063023db9137ceb7c63c
SHA1: 9b3a11c613ec3fd3440af4103b12c3de82d38b6e
SHA256: dac270b6441ce24d93a96ddb6e8f93d8df099192738799a6f6fcfc2b2416ca19
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor pom description Java Native Access Medium Vendor pom url twall/jna Highest Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom name Java Native Access High Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor pom artifactid jna Low Vendor manifest Bundle-Description JNA Library Medium 
Vendor file name jna High Vendor pom groupid net.java.dev.jna Highest Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product pom description Java Native Access Medium Product Manifest Bundle-Name jna Medium Product Manifest specification-title Java Native Access (JNA) Medium Product pom name Java Native Access High Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin/libjnidispatch.jnilib; osname=macosx;processor=x86;processor=x86-64;processor=ppc Low Product Manifest bundle-symbolicname com.sun.jna Medium Product manifest Bundle-Description JNA Library Medium Product pom groupid net.java.dev.jna Low Product 
Manifest Implementation-Title com.sun.jna High Product file name jna High Product pom url twall/jna High Product pom artifactid jna Highest Version file version 4.0.0 Highest Version pom version 4.0.0 Highest
maven: net.java.dev.jna:jna:4.0.0 Confidence: Highest

jopt-simple-5.0.3.jar
Description:
A Java library for parsing command line options
License:
The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /Users/Kevin/.m2/repository/net/sf/jopt-simple/jopt-simple/5.0.3/jopt-simple-5.0.3.jar
MD5: 0a5ec84e23df9d7cfb4063bc55f2744c
SHA1: cdd846cfc4e0f7eefafc02c0f5dce32b9303aa2a
SHA256: 6f45c00908265947c39221035250024f2caec9a15c1c8cf553ebeecee289f342
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name jopt-simple High Vendor pom groupid net.sf.jopt-simple Highest Vendor pom artifactid jopt-simple Low Vendor pom name JOpt Simple High Vendor manifest Bundle-Description A Java library for parsing command line options Medium Vendor pom description A Java library for parsing command line options Medium Vendor Manifest bundle-symbolicname net.sf.jopt-simple.jopt-simple Medium Vendor pom url http://pholser.github.io/jopt-simple Highest Product pom url http://pholser.github.io/jopt-simple Medium Product file name jopt-simple High Product Manifest Bundle-Name jopt-simple Medium Product pom name JOpt Simple High Product manifest Bundle-Description A Java library for parsing command line options Medium Product pom groupid net.sf.jopt-simple Low Product pom description A Java library for parsing command line options Medium Product pom artifactid jopt-simple Highest Product Manifest bundle-symbolicname net.sf.jopt-simple.jopt-simple Medium Version pom version 5.0.3 Highest Version file version 5.0.3 Highest
maven: net.sf.jopt-simple:jopt-simple:5.0.3 Confidence: Highest

log4j-core-2.7.jar
Description:
The Apache Log4j Implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/logging/log4j/log4j-core/2.7/log4j-core-2.7.jar
MD5: 2b63e0e5063fdaccf669a1e26384f3fd
SHA1: a3f2b4e64c61a7fc1ed8f1e5ba371933404ed98a
SHA256: 5bb84e110d5f18cee47021a024d358227612dd6dac7b97fa781f85c6ad3ccee4
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor manifest Bundle-Description The Apache Log4j Implementation Medium Vendor pom parent-artifactid log4j Low Vendor pom name Apache Log4j Core High Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.logging.log4j Medium Vendor pom description The Apache Log4j Implementation Medium Vendor Manifest log4jreleasemanager Ralph Goers Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Vendor pom artifactid log4j-core Low Vendor file name log4j-core High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom groupid apache.logging.log4j Highest Vendor pom groupid org.apache.logging.log4j Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest specification-vendor Apache Software Foundation Low Vendor Manifest bundle-docurl http://www.apache.org Low Product pom groupid apache.logging.log4j Low Product manifest Bundle-Description The Apache Log4j Implementation Medium Product pom name Apache Log4j Core High Product Manifest Bundle-Name Apache Log4j Core Medium Product pom parent-artifactid log4j Medium Product Manifest Implementation-Title Apache Log4j Core High Product pom parent-groupid org.apache.logging.log4j Low Product Manifest specification-title Apache Log4j Core Medium Product pom description The Apache Log4j Implementation Medium Product Manifest log4jreleasemanager Ralph Goers Low Product Manifest bundle-symbolicname org.apache.logging.log4j.core Medium Product file name log4j-core High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom artifactid log4j-core Highest Product Manifest bundle-docurl http://www.apache.org Low Version pom version 2.7 Highest Version file version 2.7 Highest Version Manifest Implementation-Version 2.7 High
Related Dependencies
log4j-api-2.7.jar
File Path: /Users/Kevin/.m2/repository/org/apache/logging/log4j/log4j-api/2.7/log4j-api-2.7.jar
MD5: 8c6059adc8248076dfbfec5b875ead3d
SHA1: 8de00e382a817981b737be84cb8def687d392963
SHA256: 2119221bfc18bc8b13f807a1eaa9bc12324efd0c6fb2a993a0a2445d4b47c263
cpe: cpe:/a:apache:log4j:2.7
maven: org.apache.logging.log4j:log4j-core:2.7 Confidence: Highest
cpe: cpe:/a:apache:log4j:2.7 Confidence: Highest

Published Vulnerabilities

CVE-2017-5645
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

shiro-core-1.3.2.jar
Description:
Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/shiro/shiro-core/1.3.2/shiro-core-1.3.2.jar
MD5: 1c71224cdfa52fcba0a20b992195cf36
SHA1: b5dede9d890f335998a8ebf479809fe365b927fc
SHA256: 2d5f2658e691012b9e62c6061fd817a98518d03e6370ab2f370d274835ca3a8c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.apache.shiro | Medium
Vendor | Manifest | bundle-symbolicname | org.apache.shiro.core | Medium
Vendor | pom | groupid | org.apache.shiro | Highest
Vendor | manifest | Bundle-Description | Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. | Low
Vendor | pom | groupid | apache.shiro | Highest
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | file | name | shiro-core | High
Vendor | pom | name | Apache Shiro :: Core | High
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.shiro | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-artifactid | shiro-root | Low
Vendor | pom | artifactid | shiro-core | Low
Product | Manifest | Implementation-Title | Apache Shiro :: Core | High
Product | Manifest | bundle-symbolicname | org.apache.shiro.core | Medium
Product | manifest | Bundle-Description | Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. | Low
Product | Manifest | specification-title | Apache Shiro :: Core | Medium
Product | pom | parent-groupid | org.apache.shiro | Low
Product | file | name | shiro-core | High
Product | pom | groupid | apache.shiro | Low
Product | pom | name | Apache Shiro :: Core | High
Product | pom | artifactid | shiro-core | Highest
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | Manifest | Bundle-Name | Apache Shiro :: Core | Medium
Product | pom | parent-artifactid | shiro-root | Medium
Version | pom | version | 1.3.2 | Highest
Version | Manifest | Implementation-Version | 1.3.2 | High
Version | file | version | 1.3.2 | Highest
maven: org.apache.shiro:shiro-core:1.3.2 Confidence: Highest
cpe: cpe:/a:apache:shiro:1.3.2 Confidence: Low

commons-beanutils-1.9.3.jar
Description: Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
License: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-beanutils/commons-beanutils/1.9.3/commons-beanutils-1.9.3.jar
MD5: 4a105c9d029a7edc6f2b16567d37eab6
SHA1: c845703de334ddc6b4b3cd26835458cb1cba1f3d
SHA256: c058e39c7c64203d3a448f3adb588cb03d6378ed808485618f26e137f29dae73
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | manifest | Bundle-Description | Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | Manifest | implementation-url | https://commons.apache.org/proper/commons-beanutils/ | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | bundle-docurl | https://commons.apache.org/proper/commons-beanutils/ | Low
Vendor | Manifest | bundle-symbolicname | org.apache.commons.beanutils | Medium
Vendor | pom | artifactid | commons-beanutils | Low
Vendor | Manifest | implementation-build | tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 | Low
Vendor | pom | url | https://commons.apache.org/proper/commons-beanutils/ | Highest
Vendor | pom | description | Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Low
Vendor | file | name | commons-beanutils | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | name | Apache Commons BeanUtils | High
Vendor | pom | groupid | commons-beanutils | Highest
Product | Manifest | specification-title | Apache Commons BeanUtils | Medium
Product | pom | groupid | commons-beanutils | Low
Product | manifest | Bundle-Description | Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Low
Product | pom | artifactid | commons-beanutils | Highest
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | Manifest | implementation-url | https://commons.apache.org/proper/commons-beanutils/ | Low
Product | Manifest | Bundle-Name | Apache Commons BeanUtils | Medium
Product | Manifest | bundle-docurl | https://commons.apache.org/proper/commons-beanutils/ | Low
Product | Manifest | bundle-symbolicname | org.apache.commons.beanutils | Medium
Product | Manifest | implementation-build | tags/BEANUTILS_1_9_3_RC3@r1761785; 2016-09-21 16:19:55+0000 | Low
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | url | https://commons.apache.org/proper/commons-beanutils/ | Medium
Product | pom | description | Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection. | Low
Product | file | name | commons-beanutils | High
Product | pom | name | Apache Commons BeanUtils | High
Product | Manifest | Implementation-Title | Apache Commons BeanUtils | High
Version | Manifest | Implementation-Version | 1.9.3 | High
Version | file | version | 1.9.3 | Highest
Version | pom | version | 1.9.3 | Highest
cpe: cpe:/a:apache:commons_beanutils:1.9.3 Confidence: Low
maven: commons-beanutils:commons-beanutils:1.9.3 Confidence: Highest

fast-classpath-scanner-2.0.11.jar
Description: Uber-fast, ultra-lightweight Java classpath scanner. Scans the classpath by parsing the classfile binary format directly rather than by using reflection.
See https://github.com/lukehutch/fast-classpath-scanner
License: The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /Users/Kevin/.m2/repository/io/github/lukehutch/fast-classpath-scanner/2.0.11/fast-classpath-scanner-2.0.11.jar
MD5: d2d38795baa2d167da1b82516db630d5
SHA1: ae34a7a5e6de8ad1f86e12f6f7ae1869fcfe9987
SHA256: ee7e4bf67b29338318c48caaf204f59de8fcb8d2f782fa315fffd0c60c7d5962
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | FastClasspathScanner | High
Vendor | manifest | Bundle-Description | Uber-fast, ultra-lightweight Java classpath scanner. Scans the classpath by parsing the classfile binary format directly rather than by using reflection. See https://github.com/lukehutch/fast-classpath-scanner | Low
Vendor | pom | url | lukehutch/fast-classpath-scanner | Highest
Vendor | file | name | fast-classpath-scanner | High
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" | Low
Vendor | pom | artifactid | fast-classpath-scanner | Low
Vendor | pom | groupid | io.github.lukehutch | Highest
Vendor | Manifest | bundle-symbolicname | io.github.lukehutch.fast-classpath-scanner | Medium
Vendor | Manifest | Implementation-Vendor-Id | io.github.lukehutch | Medium
Vendor | Manifest | implementation-url | https://github.com/lukehutch/fast-classpath-scanner | Low
Vendor | pom | description | Uber-fast, ultra-lightweight Java classpath scanner. Scans the classpath by parsing the classfile binary format directly rather than by using reflection. See https://github.com/lukehutch/fast-classpath-scanner | Low
Product | pom | name | FastClasspathScanner | High
Product | Manifest | implementation-url | https://github.com/lukehutch/fast-classpath-scanner | Low
Product | Manifest | Bundle-Name | FastClasspathScanner | Medium
Product | pom | groupid | io.github.lukehutch | Low
Product | Manifest | Implementation-Title | FastClasspathScanner | High
Product | Manifest | specification-title | FastClasspathScanner | Medium
Product | manifest | Bundle-Description | Uber-fast, ultra-lightweight Java classpath scanner. Scans the classpath by parsing the classfile binary format directly rather than by using reflection. See https://github.com/lukehutch/fast-classpath-scanner | Low
Product | file | name | fast-classpath-scanner | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" | Low
Product | pom | url | lukehutch/fast-classpath-scanner | High
Product | Manifest | bundle-symbolicname | io.github.lukehutch.fast-classpath-scanner | Medium
Product | pom | artifactid | fast-classpath-scanner | Highest
Product | pom | description | Uber-fast, ultra-lightweight Java classpath scanner. Scans the classpath by parsing the classfile binary format directly rather than by using reflection. See https://github.com/lukehutch/fast-classpath-scanner | Low
Version | Manifest | Implementation-Version | 2.0.11 | High
Version | pom | version | 2.0.11 | Highest
Version | file | version | 2.0.11 | Highest
maven: io.github.lukehutch:fast-classpath-scanner:2.0.11 Confidence: Highest

geode-core-1.2.1.jar
Description: Apache Geode provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency performance with high concurrency processing
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/geode/geode-core/1.2.1/geode-core-1.2.1.jar
MD5: 03350317340b54a7c6e08e58ca201229
SHA1: fe853317e33dd2a1c291f29cee3c4be549f75a69
SHA256: 63d6199a262afd27f479619731213d15f907b2c3b047d79685bc58afa4daae29
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | apache.geode | Highest
Vendor | pom | artifactid | geode-core | Low
Vendor | pom | description | Apache Geode provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency performance with high concurrency processing | Low
Vendor | file | name | geode-core | High
Vendor | pom | url | http://geode.apache.org | Highest
Vendor | Manifest | organization | Apache Software Foundation (ASF) | Low
Vendor | pom | groupid | org.apache.geode | Highest
Vendor | pom | name | Apache Geode | High
Product | Manifest | title | geode | Medium
Product | pom | description | Apache Geode provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency performance with high concurrency processing | Low
Product | pom | url | http://geode.apache.org | Medium
Product | file | name | geode-core | High
Product | Manifest | organization | Apache Software Foundation (ASF) | Low
Product | pom | artifactid | geode-core | Highest
Product | pom | groupid | apache.geode | Low
Product | pom | name | Apache Geode | High
Version | file | version | 1.2.1 | Highest
Version | pom | version | 1.2.1 | Highest
Related Dependencies
geode-common-1.2.1.jar
  File Path: /Users/Kevin/.m2/repository/org/apache/geode/geode-common/1.2.1/geode-common-1.2.1.jar
  MD5: 94b2d0c9051aeffb569a476848ef5be1
  SHA1: 9db253081d33f424f6e3ce0cde4b306e23e3420b
  SHA256: 4febed330ac0135f9d1f9c9d4cd054e7f8a59cb2dea1fea123f0835f52b1efb9
  cpe: cpe:/a:apache:geode:1.2.1
geode-json-1.2.1.jar
  File Path: /Users/Kevin/.m2/repository/org/apache/geode/geode-json/1.2.1/geode-json-1.2.1.jar
  MD5: fd5d2c91b2b02522d8f98f0c781bdb20
  SHA1: bdb4c262e4ce6bb3b22e0f511cfb133a65fa0c04
  SHA256: bf63e557a92ccd03cfe0c4529afb1882f31f1597cbe7ca60a9b79061671a1bbe
  cpe: cpe:/a:apache:geode:1.2.1

Published Vulnerabilities
CVE-2017-12622
Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-200 Information Exposure
When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges.

CVE-2017-15692
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath.

CVE-2017-15693
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
In Apache Geode before v1.4.0, the Geode server stores application objects in serialized form. Certain cluster operations and API invocations cause these objects to be deserialized. A user with DATA:WRITE access to the cluster may be able to cause remote code execution if certain classes are present on the classpath.

CVE-2017-15695
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with a security manager, a user with DATA:WRITE privileges is allowed to deploy code by invoking an internal Geode function. This allows remote code execution. Code deployment should be restricted to users with DATA:MANAGE privilege.

CVE-2017-15696
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code.

CVE-2017-9795
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-200 Information Exposure
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote code execution.

CVE-2017-9796
Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.

javax.persistence-2.1.0.jar
Description: EclipseLink build based upon Git transaction 3faac2b
License:
  Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
  Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/persistence/javax.persistence/2.1.0/javax.persistence-2.1.0.jar
MD5: da288f571e85f4a1a7f50cb8c9ef9bbd
SHA1: 5bab675816dbe0f64bb86004b108bf2a00292358
SHA256: 227c4888011550cad0aed4c07e187b9f8e873c01558a08f014d288987415a9a9
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.6 | Low
Vendor | pom | description | EclipseLink build based upon Git transaction 3faac2b | Medium
Vendor | pom | name | Javax Persistence | High
Vendor | Manifest (hint) | specification-vendor | sun | Low
Vendor | pom | groupid | eclipse.persistence | Highest
Vendor | pom | organization url | http://www.eclipse.org/eclipselink | Medium
Vendor | pom | groupid | org.eclipse.persistence | Highest
Vendor | pom | artifactid | javax.persistence | Low
Vendor | file | name | javax.persistence | High
Vendor | Manifest | bundle-symbolicname | javax.persistence | Medium
Vendor | Manifest | specification-vendor | Oracle | Low
Vendor | Manifest | extension-name | javax.persistence | Medium
Vendor | Manifest | Implementation-Vendor | Eclipse.org - EclipseLink Project | High
Vendor | pom | url | http://www.eclipse.org/eclipselink | Highest
Vendor | pom | organization name | Eclipse.org - EclipseLink Project | High
Product | pom | groupid | eclipse.persistence | Low
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.6 | Low
Product | pom | description | EclipseLink build based upon Git transaction 3faac2b | Medium
Product | pom | name | Javax Persistence | High
Product | pom | url | http://www.eclipse.org/eclipselink | Medium
Product | pom | organization url | http://www.eclipse.org/eclipselink | Low
Product | pom | organization name | Eclipse.org - EclipseLink Project | Low
Product | file | name | javax.persistence | High
Product | Manifest | bundle-symbolicname | javax.persistence | Medium
Product | Manifest | extension-name | javax.persistence | Medium
Product | pom | artifactid | javax.persistence | Highest
Product | Manifest | Bundle-Name | Java Persistence API 2.1 | Medium
Version | pom | version | 2.1.0 | Highest
Version | Manifest | Implementation-Version | 2.1.0 | High
Version | file | version | 2.1.0 | Highest
maven: org.eclipse.persistence:javax.persistence:2.1.0 Confidence: Highest

commonj.sdo-2.1.1.jar
Description: EclipseLink build based upon Git transaction 9c3c264
License:
  Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
  Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/persistence/commonj.sdo/2.1.1/commonj.sdo-2.1.1.jar
MD5: 6e95eece101364642efe2d4543c8993c
SHA1: 90d4c89ce0a69f58619f1a247bbf420122139ff5
SHA256: b7ea9746f2c77e7261485b39b09938ca54e9cb58eb0d7c250a97d300b9a0dbbe
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low
Vendor | pom | description | EclipseLink build based upon Git transaction 9c3c264 | Medium
Vendor | pom | artifactid | commonj.sdo | Low
Vendor | pom | name | SDO API | High
Vendor | pom | url | http://www.eclipse.org/eclipselink | Highest
Vendor | pom | groupid | eclipse.persistence | Highest
Vendor | pom | organization name | Eclipse.org - EclipseLink Project | High
Vendor | Manifest | bundle-symbolicname | commonj.sdo | Medium
Vendor | pom | organization url | http://www.eclipse.org/eclipselink | Medium
Vendor | pom | groupid | org.eclipse.persistence | Highest
Vendor | file | name | commonj.sdo | High
Product | pom | groupid | eclipse.persistence | Low
Product | pom | organization name | Eclipse.org - EclipseLink Project | Low
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low
Product | pom | description | EclipseLink build based upon Git transaction 9c3c264 | Medium
Product | pom | name | SDO API | High
Product | Manifest | Bundle-Name | %bundleName | Medium
Product | pom | url | http://www.eclipse.org/eclipselink | Medium
Product | pom | organization url | http://www.eclipse.org/eclipselink | Low
Product | pom | artifactid | commonj.sdo | Highest
Product | Manifest | bundle-symbolicname | commonj.sdo | Medium
Product | file | name | commonj.sdo | High
Version | file | version | 2.1.1 | Highest
Version | pom | version | 2.1.1 | Highest
maven: org.eclipse.persistence:commonj.sdo:2.1.1 Confidence: Highest

eclipselink-2.5.2.jar
Description: EclipseLink build based upon Git transaction 9ad6abd
License:
  Eclipse Public License v1.0: http://www.eclipse.org/legal/epl-v10.html
  Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/persistence/eclipselink/2.5.2/eclipselink-2.5.2.jar
MD5: 18562489919fbec70cc77897a7a7bbb7
SHA1: cd2211635f3011e300ca8fedc1ce0e1cf61c175b
SHA256: 67d175c1858005308ae9a02ff85c0bc7efc9a2a3c058a6838d51769f417f5247
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | EclipseLink build based upon Git transaction 9ad6abd | Medium
Vendor | Manifest | specification-vendor | Eclipse.org - EclipseLink Project | Low
Vendor | pom | groupid | eclipse.persistence | Highest
Vendor | pom | organization url | http://www.eclipse.org/eclipselink | Medium
Vendor | pom | groupid | org.eclipse.persistence | Highest
Vendor | file | name | eclipselink | High
Vendor | pom | artifactid | eclipselink | Low
Vendor | Manifest | Implementation-Vendor | Eclipse.org - EclipseLink Project | High
Vendor | Manifest | release-designation | EclipseLink 2.5.2 | Low
Vendor | pom | url | http://www.eclipse.org/eclipselink | Highest
Vendor | pom | organization name | Eclipse.org - EclipseLink Project | High
Vendor | pom | name | EclipseLink (non-OSGi) | High
Product | pom | groupid | eclipse.persistence | Low
Product | pom | organization name | Eclipse.org - EclipseLink Project | Low
Product | Manifest | specification-title | Eclipse Persistence Services | Medium
Product | pom | artifactid | eclipselink | Highest
Product | Manifest | Implementation-Title | org.eclipse.persistence | High
Product | pom | description | EclipseLink build based upon Git transaction 9ad6abd | Medium
Product | pom | url | http://www.eclipse.org/eclipselink | Medium
Product | Manifest | release-designation | EclipseLink 2.5.2 | Low
Product | pom | organization url | http://www.eclipse.org/eclipselink | Low
Product | pom | name | EclipseLink (non-OSGi) | High
Product | file | name | eclipselink | High
Version | file | version | 2.5.2 | Highest
Version | pom | version | 2.5.2 | Highest
maven: org.eclipse.persistence:eclipselink:2.5.2 Confidence: Highest

gateway-i18n-logging-log4j-0.10.0.jar
Description: An extension of the logging framework that integrates Log4J.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-i18n-logging-log4j/0.10.0/gateway-i18n-logging-log4j-0.10.0.jar
MD5: 90c975d94d6e579bd4c29da76b7ca6fe
SHA1: 8887ab7157d97d51d53fe3963e23360579d341f8
SHA256: 62412868890370bb9c2aeafbeca2c648c1a5f7c19ac933cbfaefcaa8217c51a2
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | apache.knox | Highest
Vendor | pom | parent-groupid | org.apache.knox | Medium
Vendor | pom | parent-artifactid | gateway | Low
Vendor | file | name | gateway-i18n-logging-log4j | High
Vendor | pom | groupid | org.apache.knox | Highest
Vendor | pom | description | An extension of the logging framework that integrates Log4J. | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.apache.knox | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Vendor | pom | artifactid | gateway-i18n-logging-log4j | Low
Vendor | pom | name | gateway-i18n-logging-log4j | High
Product | pom | parent-artifactid | gateway | Medium
Product | Manifest | specification-title | gateway-i18n-logging-log4j | Medium
Product | pom | parent-groupid | org.apache.knox | Low
Product | file | name | gateway-i18n-logging-log4j | High
Product | Manifest | Implementation-Title | gateway-i18n-logging-log4j | High
Product | pom | groupid | apache.knox | Low
Product | pom | description | An extension of the logging framework that integrates Log4J. | Medium
Product | pom | artifactid | gateway-i18n-logging-log4j | Highest
Product | pom | name | gateway-i18n-logging-log4j | High
Version | Manifest | Implementation-Version | 0.10.0 | High
Version | file | version | 0.10.0 | Highest
Version | pom | version | 0.10.0 | Highest
cpe: cpe:/a:apache:log4j:0.10.0 Confidence: Low
maven: org.apache.knox:gateway-i18n-logging-log4j:0.10.0 Confidence: Highest

apacheds-i18n-2.0.0-M5.jar
Description: Internationalization of errors and other messages
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/directory/server/apacheds-i18n/2.0.0-M5/apacheds-i18n-2.0.0-M5.jar
MD5: 8b62adb819490e47cada8fe9fecce26f
SHA1: a94114a538f8a6020f1728b05e06941ea74f079c
SHA256: 7130fd997be445dd29d4fc4bdf39560cb34c95cee657fcf26ed9292388295139
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.directory.server | Highest
Vendor | pom | parent-artifactid | apacheds-parent | Low
Vendor | pom | groupid | apache.directory.server | Highest
Vendor | file | name | apacheds-i18n | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | manifest | Bundle-Description | Internationalization of errors and other messages | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.apache.directory.server | Medium
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | pom | name | ApacheDS I18n | High
Vendor | Manifest | bundle-symbolicname | org.apache.directory.server.i18n | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.directory.server | Medium
Vendor | pom | description | Internationalization of errors and other messages | Medium
Vendor | pom | artifactid | apacheds-i18n | Low
Product | pom | artifactid | apacheds-i18n | Highest
Product | file | name | apacheds-i18n | High
Product | pom | parent-artifactid | apacheds-parent | Medium
Product | manifest | Bundle-Description | Internationalization of errors and other messages | Medium
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | pom | name | ApacheDS I18n | High
Product | Manifest | bundle-symbolicname | org.apache.directory.server.i18n | Medium
Product | Manifest | Bundle-Name | ApacheDS I18n | Medium
Product | Manifest | Implementation-Title | ApacheDS I18n | High
Product | Manifest | specification-title | ApacheDS I18n | Medium
Product | pom | parent-groupid | org.apache.directory.server | Low
Product | pom | description | Internationalization of errors and other messages | Medium
Product | pom | groupid | apache.directory.server | Low
Version | Manifest | Implementation-Version | 2.0.0-M5 | High
Version | pom | version | 2.0.0-M5 | Highest
Version | file | version | 2.0.0.m5 | Highest
maven: org.apache.directory.server:apacheds-i18n:2.0.0-M5 Confidence: Highest

apacheds-jdbm-2.0.0-M5.jar
Description: Specific JDBM Implementation
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/directory/server/apacheds-jdbm/2.0.0-M5/apacheds-jdbm-2.0.0-M5.jar
MD5: c77336eeb5ae8b3e081345ce26ea47ef
SHA1: fcb14d6453ccf74e124fe352df3f671af680af7c
SHA256: a5c0003c9be871bfc348c8f31f1c4d00ad270fbdfb2a18cda9feba647d009f69
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.directory.server | Highest
Vendor | pom | parent-artifactid | apacheds-parent | Low
Vendor | pom | groupid | apache.directory.server | Highest
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | file | name | apacheds-jdbm | High
Vendor | pom | name | ApacheDS JDBM implementation | High
Vendor | Manifest | bundle-symbolicname | org.apache.directory.server.jdbm | Medium
Vendor | pom | description | Specific JDBM Implementation | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.apache.directory.server | Medium
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | apacheds-jdbm | Low
Vendor | pom | parent-groupid | org.apache.directory.server | Medium
Vendor | manifest | Bundle-Description | Specific JDBM Implementation | Medium
Product | Manifest | specification-title | ApacheDS JDBM implementation | Medium
Product | Manifest | Implementation-Title | ApacheDS JDBM implementation | High
Product | pom | artifactid | apacheds-jdbm | Highest
Product | pom | parent-artifactid | apacheds-parent | Medium
Product | file | name | apacheds-jdbm | High
Product | Manifest | Bundle-Name | ApacheDS JDBM implementation | Medium
Product | pom | name | ApacheDS JDBM implementation | High
Product | Manifest | bundle-symbolicname | org.apache.directory.server.jdbm | Medium
Product | pom | description | Specific JDBM Implementation | Medium
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | pom | parent-groupid | org.apache.directory.server | Low
Product | manifest | Bundle-Description | Specific JDBM Implementation | Medium
Product | pom | groupid | apache.directory.server | Low
Version | Manifest | Implementation-Version | 2.0.0-M5 | High
Version | pom | version | 2.0.0-M5 | Highest
Version | file | version | 2.0.0.m5 | Highest
maven: org.apache.directory.server:apacheds-jdbm:2.0.0-M5 Confidence: Highest

json-smart-1.3.1.jar
Description: JSON (JavaScript Object Notation) is a lightweight data-interchange format.
It is easy for humans to read and write. It is easy for machines to parse and generate.
It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
- December 1999. JSON is a text format that is completely language independent but uses
conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
Java, JavaScript, Perl, Python, and many others.
These properties make JSON an ideal data-interchange language.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/net/minidev/json-smart/1.3.1/json-smart-1.3.1.jar
MD5: b4f09b247c03cc2d091502d5b1db1f7f
SHA1: 69b3835e96d282ec85fc2e1517b8164c45ed639e
SHA256: ac3689112788e042088755e63ecd1f689adfeb04d7fb1cfd244513f94f82522c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | json-smart | Low
Vendor | pom | name | JSON Small and Fast Parser | High
Vendor | Manifest | bundle-docurl | http://www.minidev.net/ | Low
Vendor | manifest | Bundle-Description | JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but... | Low
Vendor | file | name | json-smart | High
Vendor | Manifest | bundle-symbolicname | net.minidev.json-smart | Medium
Vendor | pom | groupid | net.minidev | Highest
Vendor | pom | parent-artifactid | parent | Low
Vendor | pom | description | JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but... | Low
Product | pom | groupid | net.minidev | Low
Product | pom | parent-artifactid | parent | Medium
Product | Manifest | Bundle-Name | json-smart | Medium
Product | pom | name | JSON Small and Fast Parser | High
Product | Manifest | bundle-docurl | http://www.minidev.net/ | Low
Product | manifest | Bundle-Description | JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but... | Low
Product | file | name | json-smart | High
Product | Manifest | bundle-symbolicname | net.minidev.json-smart | Medium
Product | pom | artifactid | json-smart | Highest
Product | pom | description | JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but... | Low
Version | file | version | 1.3.1 | Highest
Version | pom | version | 1.3.1 | Highest
maven: net.minidev:json-smart:1.3.1 Confidence: Highest

nimbus-jose-jwt-4.11.jar
Description: Java library for Javascript Object Signing and Encryption (JOSE) and
JSON Web Tokens (JWT)
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/nimbusds/nimbus-jose-jwt/4.11/nimbus-jose-jwt-4.11.jar
MD5: 4937436b091719cc6ad75ee61a4f1e2b
SHA1: 9409f5b0a69dc17fa426ac3d65c9d46990df2770
SHA256: cab3445297d9a39ad63ed9d63a2471d58e447c2e3eaecabc87b01b6f751de6f3
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | specification-vendor | Connect2id Ltd. | Low
Vendor | Manifest | bundle-docurl | http://connect2id.com | Low
Vendor | pom | url | https://bitbucket.org/connect2id/nimbus-jose-jwt | Highest
Vendor | Manifest | Implementation-Vendor-Id | com.nimbusds | Medium
Vendor | pom | artifactid | nimbus-jose-jwt | Low
Vendor | Manifest | build-date | ${timestamp} | Low
Vendor | Manifest | build-number | ${buildNumber} | Low
Vendor | pom | groupid | nimbusds | Highest
Vendor | manifest | Bundle-Description | Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT) | Medium
Vendor | Manifest | Implementation-Vendor | Connect2id Ltd. | High
Vendor | pom | groupid | com.nimbusds | Highest
Vendor | pom | description | Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT) | Low
Vendor | pom | organization name | Connect2id Ltd. | High
Vendor | pom | name | Nimbus JOSE+JWT | High
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" | Low
Vendor | Manifest | build-tag | 4.11 | Low
Vendor | pom | organization url | http://connect2id.com | Medium
Vendor | Manifest | bundle-symbolicname | com.nimbusds.nimbus-jose-jwt | Medium
Vendor | file | name | nimbus-jose-jwt | High
Product | Manifest | Implementation-Title | Nimbus JOSE+JWT | High
Product | Manifest | bundle-docurl | http://connect2id.com | Low
Product | pom | url | https://bitbucket.org/connect2id/nimbus-jose-jwt | Medium
Product | pom | groupid | nimbusds | Low
Product | Manifest | build-date | ${timestamp} | Low
Product | Manifest | build-number | ${buildNumber} | Low
Product | manifest | Bundle-Description | Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT) | Medium
Product | pom | organization url | http://connect2id.com | Low
Product | pom | description | Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT) | Low
Product | Manifest | Bundle-Name | Nimbus JOSE+JWT | Medium
Product | pom | artifactid | nimbus-jose-jwt | Highest
Product | Manifest | specification-title | Nimbus JOSE+JWT | Medium
Product | pom | organization name | Connect2id Ltd. | Low
Product | pom | name | Nimbus JOSE+JWT | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" | Low
Product | Manifest | build-tag | 4.11 | Low
Product | Manifest | bundle-symbolicname | com.nimbusds.nimbus-jose-jwt | Medium
Product | file | name | nimbus-jose-jwt | High
Version | file | version | 4.11 | Highest
Version | Manifest | Implementation-Version | 4.11 | High
Version | pom | version | 4.11 | Highest
Published Vulnerabilities
CVE-2017-12972
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-345 Insufficient Verification of Data Authenticity
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
CVE-2017-12973
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
CVE-2017-12974
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-310 Cryptographic Issues
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
json-path-0.9.1.jar
Description: Java JsonPath implementation
License: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/com/jayway/jsonpath/json-path/0.9.1/json-path-0.9.1.jar
MD5: 4a988b13309eb8dc724e20dd81b7578d
SHA1: 1a198cf545b2656656fecda5add3ba436e715185
SHA256: 5a3f7746983bc88e8b04c30bd1e934aa9ef197c9f64d2ae7e05cfb108184c5f3
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | json-path | High
Vendor | pom | groupid | jayway.jsonpath | Highest
Vendor | pom | url | http://code.google.com/p/json-path/ | Highest
Vendor | pom | parent-artifactid | json-path-parent | Low
Vendor | pom | groupid | com.jayway.jsonpath | Highest
Vendor | pom | parent-groupid | com.jayway.jsonpath | Medium
Vendor | manifest | Bundle-Description | Java JsonPath implementation | Medium
Vendor | pom | artifactid | json-path | Low
Vendor | Manifest | bundle-symbolicname | com.jayway.jsonpath.json-path | Medium
Vendor | pom | name | json-path | High
Product | pom | parent-groupid | com.jayway.jsonpath | Low
Product | pom | artifactid | json-path | Highest
Product | file | name | json-path | High
Product | pom | parent-artifactid | json-path-parent | Medium
Product | manifest | Bundle-Description | Java JsonPath implementation | Medium
Product | Manifest | Bundle-Name | json-path | Medium
Product | Manifest | bundle-symbolicname | com.jayway.jsonpath.json-path | Medium
Product | pom | groupid | jayway.jsonpath | Low
Product | pom | name | json-path | High
Product | pom | url | http://code.google.com/p/json-path/ | Medium
Version | pom | version | 0.9.1 | Highest
Version | file | version | 0.9.1 | Highest
maven: com.jayway.jsonpath:json-path:0.9.1 Confidence: Highest
gateway-spi-0.10.0.jar
Description: The Service Provider Interface for extending the capabilities of the gateway.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-spi/0.10.0/gateway-spi-0.10.0.jar
MD5: 4814f10fddb58c3ed8182be2088b928b
SHA1: b91bca88e79ea485ddc78c6ed67c11f416a1b568
SHA256: e6cf7ad413a67a7665b9925b9e01b86611dbe1d6d55ebfc67af18c309f640a59
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | gateway-spi | High
Vendor | pom | groupid | apache.knox | Highest
Vendor | pom | description | The Service Provider Interface for extending the capabilities of the gateway. | Medium
Vendor | pom | parent-groupid | org.apache.knox | Medium
Vendor | pom | parent-artifactid | gateway | Low
Vendor | pom | artifactid | gateway-spi | Low
Vendor | pom | groupid | org.apache.knox | Highest
Vendor | file | name | gateway-spi | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache.knox | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Product | Manifest | specification-title | gateway-spi | Medium
Product | pom | name | gateway-spi | High
Product | pom | parent-artifactid | gateway | Medium
Product | pom | description | The Service Provider Interface for extending the capabilities of the gateway. | Medium
Product | pom | parent-groupid | org.apache.knox | Low
Product | pom | artifactid | gateway-spi | Highest
Product | Manifest | Implementation-Title | gateway-spi | High
Product | pom | groupid | apache.knox | Low
Product | file | name | gateway-spi | High
Version | Manifest | Implementation-Version | 0.10.0 | High
Version | file | version | 0.10.0 | Highest
Version | pom | version | 0.10.0 | Highest
Related Dependencies (each with cpe: cpe:/a:apache:knox:0.10.0)
gateway-provider-rewrite-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-provider-rewrite/0.10.0/gateway-provider-rewrite-0.10.0.jar
gateway-util-common-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-util-common/0.10.0/gateway-util-common-0.10.0.jar
gateway-util-urltemplate-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-util-urltemplate/0.10.0/gateway-util-urltemplate-0.10.0.jar
gateway-server-xforwarded-filter-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-server-xforwarded-filter/0.10.0/gateway-server-xforwarded-filter-0.10.0.jar
gateway-util-configinjector-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-util-configinjector/0.10.0/gateway-util-configinjector-0.10.0.jar
gateway-i18n-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-i18n/0.10.0/gateway-i18n-0.10.0.jar
gateway-server-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-server/0.10.0/gateway-server-0.10.0.jar
gateway-service-definitions-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-service-definitions/0.10.0/gateway-service-definitions-0.10.0.jar
gateway-util-launcher-0.10.0.jar File Path: /Users/Kevin/.m2/repository/org/apache/knox/gateway-util-launcher/0.10.0/gateway-util-launcher-0.10.0.jar
Published Vulnerabilities
CVE-2017-5646
Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-346 Origin Validation Error
For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated user may use a specially crafted URL to impersonate another user while accessing WebHDFS through Apache Knox. This may result in escalated privileges and unauthorized data access. While this activity is audit logged and can be easily associated with the authenticated user, this is still a serious security issue. All users are recommended to upgrade to the Apache Knox 0.12.0 release.
hadoop-auth-2.2.0.jar
Description: Apache Hadoop Auth - Java HTTP SPNEGO
File Path: /Users/Kevin/.m2/repository/org/apache/hadoop/hadoop-auth/2.2.0/hadoop-auth-2.2.0.jar
MD5: 8bb0f03bea387738b61642a2502b3289
SHA1: 74e5f8b2134be51312c004d29e33a7bf4377ce20
SHA256: f2c50d66e049c378088975774656d8e111265d12fbba1cde97de71dd01b96d2b
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | jar | package name | hadoop | Low
Vendor | pom | artifactid | hadoop-auth | Low
Vendor | pom | description | Apache Hadoop Auth - Java HTTP SPNEGO | Medium
Vendor | pom | parent-groupid | org.apache.hadoop | Medium
Vendor | jar | package name | apache | Low
Vendor | pom | name | Apache Hadoop Auth | High
Vendor | jar | package name | security | Low
Vendor | pom | groupid | apache.hadoop | Highest
Vendor | pom | groupid | org.apache.hadoop | Highest
Vendor | file | name | hadoop-auth | High
Vendor | pom | parent-artifactid | hadoop-project | Low
Product | jar | package name | hadoop | Low
Product | pom | description | Apache Hadoop Auth - Java HTTP SPNEGO | Medium
Product | pom | groupid | apache.hadoop | Low
Product | pom | name | Apache Hadoop Auth | High
Product | jar | package name | security | Low
Product | pom | parent-groupid | org.apache.hadoop | Low
Product | pom | artifactid | hadoop-auth | Highest
Product | jar | package name | authentication | Low
Product | file | name | hadoop-auth | High
Product | pom | parent-artifactid | hadoop-project | Medium
Version | file | version | 2.2.0 | Highest
Version | pom | version | 2.2.0 | Highest
Related Dependencies
hadoop-common-2.2.0.jar
File Path: /Users/Kevin/.m2/repository/org/apache/hadoop/hadoop-common/2.2.0/hadoop-common-2.2.0.jar
MD5: f43bb28332a67508d0b7adda59a49b82
SHA1: a840350e4a1f5483f949ec5e72cfa2c6b2b3cf94
SHA256: 02bbd795a1d9b406d5b01366cef8232da1c06fa6b9ed0a658436ce30fda6cc9b
cpe: cpe:/a:apache:hadoop:2.2.0
Published Vulnerabilities
CVE-2014-0229
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
CVE-2014-3627
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during localization, related to distributed cache.
CVE-2016-5001
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
CVE-2016-6811
Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
CVE-2017-15713
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before 2.8.3, and 3.0.0-alpha through 3.0.0-beta1 allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host.
CVE-2017-3161
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
CVE-2017-3162
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0.
javax.servlet-api-3.1.0.jar
Description: Java(TM) Servlet 3.1 API Design Specification
License: CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/Kevin/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar
MD5: 79de69e9f5ed8c7fcb8342585732bbf7
SHA1: 3cd63d075497751784b2fa84be59432f4905bf7c
SHA256: af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-symbolicname | javax.servlet-api | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.glassfish | Medium
Vendor | pom | groupid | javax.servlet | Highest
Vendor | pom | artifactid | javax.servlet-api | Low
Vendor | Manifest | bundle-docurl | https://glassfish.dev.java.net | Low
Vendor | manifest | Bundle-Description | Java(TM) Servlet 3.1 API Design Specification | Medium
Vendor | pom | organization name | GlassFish Community | High
Vendor | Manifest | specification-vendor | Oracle Corporation | Low
Vendor | Manifest | Implementation-Vendor | GlassFish Community | High
Vendor | pom | url | http://servlet-spec.java.net | Highest
Vendor | Manifest | extension-name | javax.servlet | Medium
Vendor | pom | name | Java Servlet API | High
Vendor | pom | parent-artifactid | jvnet-parent | Low
Vendor | pom | organization url | https://glassfish.dev.java.net | Medium
Vendor | pom | parent-groupid | net.java | Medium
Vendor | file | name | javax.servlet-api | High
Product | pom | parent-groupid | net.java | Low
Product | Manifest | bundle-symbolicname | javax.servlet-api | Medium
Product | Manifest | bundle-docurl | https://glassfish.dev.java.net | Low
Product | manifest | Bundle-Description | Java(TM) Servlet 3.1 API Design Specification | Medium
Product | pom | organization name | GlassFish Community | Low
Product | Manifest | Bundle-Name | Java Servlet API | Medium
Product | pom | url | http://servlet-spec.java.net | Medium
Product | pom | organization url | https://glassfish.dev.java.net | Low
Product | Manifest | extension-name | javax.servlet | Medium
Product | pom | name | Java Servlet API | High
Product | pom | parent-artifactid | jvnet-parent | Medium
Product | pom | groupid | javax.servlet | Low
Product | pom | artifactid | javax.servlet-api | Highest
Product | file | name | javax.servlet-api | High
Version | Manifest | Implementation-Version | 3.1.0 | High
Version | file | version | 3.1.0 | Highest
Version | pom | version | 3.1.0 | Highest
maven: javax.servlet:javax.servlet-api:3.1.0 Confidence: Highest
httpclient-4.5.1.jar
Description: Apache HttpComponents Client
File Path: /Users/Kevin/.m2/repository/org/apache/httpcomponents/httpclient/4.5.1/httpclient-4.5.1.jar
MD5: 53cad957821a4bacaf9e108af24e6f90
SHA1: 7e3cecc566df91338c6c67883b89ddd05a17db43
SHA256: 0ba1a340188f33408632cedbe25d6fe17c1458bde17680a06cd6f6a69476ff74
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Apache HttpClient | High
Vendor | pom | groupid | org.apache.httpcomponents | Highest
Vendor | Manifest | implementation-build | tags/4.5.1-RC1/httpclient@r1702448; 2015-09-11 14:53:18+0200 | Low
Vendor | pom | parent-artifactid | httpcomponents-client | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | Manifest | url | http://hc.apache.org/httpcomponents-client | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | url | http://hc.apache.org/httpcomponents-client | Highest
Vendor | pom | description | Apache HttpComponents Client | Medium
Vendor | pom | artifactid | httpclient | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.httpcomponents | Medium
Vendor | pom | groupid | apache.httpcomponents | Highest
Vendor | file | name | httpclient | High
Product | pom | name | Apache HttpClient | High
Product | Manifest | implementation-build | tags/4.5.1-RC1/httpclient@r1702448; 2015-09-11 14:53:18+0200 | Low
Product | Manifest | url | http://hc.apache.org/httpcomponents-client | Low
Product | pom | description | Apache HttpComponents Client | Medium
Product | pom | parent-groupid | org.apache.httpcomponents | Low
Product | pom | url | http://hc.apache.org/httpcomponents-client | Medium
Product | pom | parent-artifactid | httpcomponents-client | Medium
Product | Manifest | specification-title | HttpComponents Apache HttpClient | Medium
Product | pom | groupid | apache.httpcomponents | Low
Product | Manifest | Implementation-Title | HttpComponents Apache HttpClient | High
Product | pom | artifactid | httpclient | Highest
Product | file | name | httpclient | High
Version | file | version | 4.5.1 | Highest
Version | Manifest | Implementation-Version | 4.5.1 | High
Version | pom | version | 4.5.1 | Highest
cpe: cpe:/a:apache:httpclient:4.5.1 Confidence: Low
maven: org.apache.httpcomponents:httpclient:4.5.1 Confidence: Highest
shiro-web-1.2.3.jar
Description: Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/shiro/shiro-web/1.2.3/shiro-web-1.2.3.jar
MD5: 38105101e9efde681dc1de127193f99f
SHA1: 4dbcac122a883c29d32fe94f6b1525e5a81884ec
SHA256: aec0f2185180107b25343a986baf9a4122d5d272fa7ab9721a35552f0ad12369
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.apache.shiro | Medium
Vendor | pom | groupid | org.apache.shiro | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.shiro.web | Medium
Vendor | manifest | Bundle-Description | Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. | Low
Vendor | pom | groupid | apache.shiro | Highest
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | pom | artifactid | shiro-web | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.shiro | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-artifactid | shiro-root | Low
Vendor | pom | name | Apache Shiro :: Web | High
Vendor | file | name | shiro-web | High
Product | Manifest | bundle-symbolicname | org.apache.shiro.web | Medium
Product | manifest | Bundle-Description | Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management, single sign-on and cryptography services. | Low
Product | pom | parent-groupid | org.apache.shiro | Low
Product | pom | groupid | apache.shiro | Low
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | Manifest | Bundle-Name | Apache Shiro :: Web | Medium
Product | pom | parent-artifactid | shiro-root | Medium
Product | pom | name | Apache Shiro :: Web | High
Product | pom | artifactid | shiro-web | Highest
Product | Manifest | specification-title | Apache Shiro :: Web | Medium
Product | file | name | shiro-web | High
Product | Manifest | Implementation-Title | Apache Shiro :: Web | High
Version | pom | version | 1.2.3 | Highest
Version | Manifest | Implementation-Version | 1.2.3 | High
Version | file | version | 1.2.3 | Highest
maven: org.apache.shiro:shiro-web:1.2.3 Confidence: Highest
cpe: cpe:/a:apache:shiro:1.2.3 Confidence: Low
Published Vulnerabilities
CVE-2016-4437
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
commons-codec-1.7.jar
Description: The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-codec/commons-codec/1.7/commons-codec-1.7.jar
MD5: e47ef8e1a0c11e0e7e41704816cda890
SHA1: 9cd61d269c88f9fb0eb36cea1efcd596ab74772f
SHA256: db82a948bc070414fcfd3880ebd1205c94df5f5c61558ccbc653ec2f820bf7a4
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | commons-codec | Low
Vendor | file | name | commons-codec | High
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | pom | description | The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. | Low
Vendor | Manifest | bundle-docurl | http://commons.apache.org/codec/ | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | commons-codec | Highest
Vendor | pom | name | Commons Codec | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | implementation-build | tags/1.7-RC2@r1383368; 2012-09-11 08:05:03-0400 | Low
Vendor | Manifest | bundle-symbolicname | org.apache.commons.codec | Medium
Vendor | pom | url | http://commons.apache.org/codec/ | Highest
Vendor | manifest | Bundle-Description | The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. | Low
Product | file | name | commons-codec | High
Product | pom | description | The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. | Low
Product | Manifest | bundle-docurl | http://commons.apache.org/codec/ | Low
Product | Manifest | specification-title | Commons Codec | Medium
Product | Manifest | Implementation-Title | Commons Codec | High
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | name | Commons Codec | High
Product | Manifest | Bundle-Name | Commons Codec | Medium
Product | pom | url | http://commons.apache.org/codec/ | Medium
Product | Manifest | implementation-build | tags/1.7-RC2@r1383368; 2012-09-11 08:05:03-0400 | Low
Product | pom | artifactid | commons-codec | Highest
Product | pom | groupid | commons-codec | Low
Product | Manifest | bundle-symbolicname | org.apache.commons.codec | Medium
Product | manifest | Bundle-Description | The codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities. | Low
Version | pom | version | 1.7 | Highest
Version | Manifest | Implementation-Version | 1.7 | High
Version | file | version | 1.7 | Highest
maven: commons-codec:commons-codec:1.7 Confidence: Highest
oro-2.0.8.jar
File Path: /Users/Kevin/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
SHA256: e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | oro | High
Vendor | pom | groupid | oro | Highest
Vendor | pom | artifactid | oro | Low
Vendor | manifest: org/apache/oro | Implementation-Vendor | Apache Software Foundation | Medium
Product | file | name | oro | High
Product | manifest: org/apache/oro | Implementation-Title | org.apache.oro | Medium
Product | pom | groupid | oro | Low
Product | pom | artifactid | oro | Highest
Product | manifest: org/apache/oro | Specification-Title | Jakarta ORO | Medium
Version | file | version | 2.0.8 | Highest
Version | pom | version | 2.0.8 | Highest
maven: oro:oro:2.0.8 Confidence: Highest
commons-net-1.4.1.jar
License: The Apache Software License, Version 2.0: /LICENSE.txt
File Path: /Users/Kevin/.m2/repository/commons-net/commons-net/1.4.1/commons-net-1.4.1.jar
MD5: 365c9a26e81b212de0553fbed10452cc
SHA1: abb932adb2c10790c1eaa4365d3ac2a1ac7cb700
SHA256: 05a3611dedf90d0ab3e8ed83dec4ee49200148c09425437eb9348562fde7d83c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Jakarta Commons Net | High
Vendor | pom | organization url | http://jakarta.apache.org | Medium
Vendor | file | name | commons-net | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | groupid | commons-net | Highest
Vendor | pom | artifactid | commons-net | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | url | http://jakarta.apache.org/commons/${pom.artifactId.substring(8)}/ | Highest
Vendor | Manifest | extension-name | commons-net | Medium
Vendor | pom | organization name | The Apache Software Foundation | High
Product | pom | name | Jakarta Commons Net | High
Product | pom | artifactid | commons-net | Highest
Product | Manifest | Implementation-Title | org.apache.commons.net | High
Product | pom | groupid | commons-net | Low
Product | pom | url | http://jakarta.apache.org/commons/${pom.artifactId.substring(8)}/ | Medium
Product | file | name | commons-net | High
Product | pom | organization url | http://jakarta.apache.org | Low
Product | Manifest | extension-name | commons-net | Medium
Product | pom | organization name | The Apache Software Foundation | Low
Product | Manifest | specification-title | Jakarta Commons Net | Medium
Version | pom | version | 1.4.1 | Highest
Version | Manifest | Implementation-Version | 1.4.1 | High
Version | file | version | 1.4.1 | Highest
maven: commons-net:commons-net:1.4.1 Confidence: Highest
cglib-2.2.2.jar
Description: Code generation library
License: ASF 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/cglib/cglib/2.2.2/cglib-2.2.2.jar
MD5: b3f681be48fce094cf01a045f5bdca6f
SHA1: a47a971686474124562bdd4a7ccbd8ac8c3e8b11
SHA256: a93e4485d274277177480c4afe6ddd8355cda1cacfe356c134e25d65193935fd
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | cglib | Highest
Vendor | pom | artifactid | cglib | Low
Vendor | jar | package name | net | Low
Vendor | pom | url | http://cglib.sourceforge.net/ | Highest
Vendor | pom | description | Code generation library | Medium
Vendor | jar | package name | cglib | Low
Vendor | jar | package name | sf | Low
Vendor | file | name | cglib | High
Vendor | pom | name | Code Generation Library | High
Product | pom | description | Code generation library | Medium
Product | pom | groupid | cglib | Low
Product | jar | package name | cglib | Low
Product | jar | package name | sf | Low
Product | file | name | cglib | High
Product | pom | artifactid | cglib | Highest
Product | pom | name | Code Generation Library | High
Product | pom | url | http://cglib.sourceforge.net/ | Medium
Version | pom | version | 2.2.2 | Highest
Version | file | version | 2.2.2 | Highest
maven: cglib:cglib:2.2.2 Confidence: Highest
commons-digester3-3.2.jar
Description: The Apache Commons Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/commons/commons-digester3/3.2/commons-digester3-3.2.jar
MD5: 41d2c62c7aedafa7a3627794abc83f71
SHA1: c3f68c5ff25ec5204470fd8fdf4cb8feff5e8a79
SHA256: 1c150e3d2df4b4237b47e28fea2079fb0da324578d5cca6a5fed2e37a62082ec
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | apache.commons | Highest
Vendor | pom | description | The Apache Commons Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Vendor | pom | url | http://commons.apache.org/digester/ | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.commons.digester | Medium
Vendor | pom | artifactid | commons-digester3 | Low
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | file | name | commons-digester3 | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | manifest | Bundle-Description | The Apache Commons Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Vendor | pom | name | Apache Commons Digester | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | bundle-docurl | http://commons.apache.org/digester/ | Low
Vendor | pom | groupid | org.apache.commons | Highest
Vendor | Manifest | implementation-build | tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 | Low
Product | pom | description | The Apache Commons Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Product | Manifest | specification-title | Apache Commons Digester | Medium
Product | Manifest | bundle-symbolicname | org.apache.commons.digester | Medium
Product | file | name | commons-digester3 | High
Product | Manifest | Bundle-Name | Apache Commons Digester | Medium
Product | pom | artifactid | commons-digester3 | Highest
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | manifest | Bundle-Description | The Apache Commons Digester package lets you configure an XML to Java object mapping module which triggers certain actions called rules whenever a particular pattern of nested XML elements is recognized. | Low
Product | pom | name | Apache Commons Digester | High
Product | Manifest | Implementation-Title | Apache Commons Digester | High
Product | pom | groupid | apache.commons | Low
Product | Manifest | bundle-docurl | http://commons.apache.org/digester/ | Low
Product | Manifest | implementation-build | tags/DIGESTER3_3_2_RC2@r1212807; 2011-12-10 15:57:06+0100 | Low
Product | pom | url | http://commons.apache.org/digester/ | Medium
Version | pom | version | 3.2 | Highest
Version | file | version | 3.2 | Highest
Version | Manifest | Implementation-Version | 3.2 | High
maven: org.apache.commons:commons-digester3:3.2 Confidence: Highest
commons-cli-1.2.jar
Description: Commons CLI provides a simple API for presenting, processing and validating a command line interface.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-cli/commons-cli/1.2/commons-cli-1.2.jar
MD5: bfdcae1ff93f0c07d733f03bdce28c9e
SHA1: 2bf96b7aa8b611c177d329452af1dc933e14501c
SHA256: e7cd8951956d349b568b7ccfd4f5b2529a8c113e67c32b028f52ffda371259d9
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name commons-cli High Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom url http://commons.apache.org/cli/ Highest Vendor pom groupid commons-cli Highest Vendor Manifest bundle-docurl http://commons.apache.org/cli/ Low Vendor pom name Commons CLI High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom description Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Vendor Manifest bundle-symbolicname org.apache.commons.cli Medium Vendor pom artifactid commons-cli Low Vendor manifest Bundle-Description Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Product Manifest Implementation-Title Commons CLI High Product file name commons-cli High Product pom url http://commons.apache.org/cli/ Medium Product Manifest bundle-docurl http://commons.apache.org/cli/ Low Product pom name Commons CLI High Product Manifest specification-title Commons CLI Medium Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom groupid commons-cli Low Product Manifest Bundle-Name Commons CLI Medium Product pom description Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Product pom artifactid commons-cli Highest Product Manifest bundle-symbolicname org.apache.commons.cli Medium Product manifest Bundle-Description Commons CLI provides a simple API for presenting, processing and validating a command line interface. Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 Highest
maven: commons-cli:commons-cli:1.2 Confidence: Highest

shrinkwrap-api-1.2.3.jar
Description:
Client View of the ShrinkWrap Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/shrinkwrap-api/1.2.3/shrinkwrap-api-1.2.3.jar
MD5: 36ac70aabd6fd7714f49709a33ab63c8
SHA1: fbdf4de925f2afdfeed87bc9f610b83800c539fe
SHA256: 0df8295ef9f3522c28e57343b784fe91bab7e2f56a7dbfefa70c29c9b313acd6
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.shrinkwrap Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom artifactid shrinkwrap-api Low Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-api Low Vendor pom parent-artifactid shrinkwrap-parent Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor pom groupid org.jboss.shrinkwrap Highest Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap Medium Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom name ShrinkWrap API High Vendor pom description Client View of the ShrinkWrap Project Medium Vendor file name shrinkwrap-api High Vendor pom parent-groupid org.jboss.shrinkwrap Medium Product Manifest Implementation-Title ShrinkWrap API High Product pom parent-artifactid shrinkwrap-parent Medium Product Manifest implementation-url http://www.jboss.org/shrinkwrap-api Low Product pom name ShrinkWrap API High Product Manifest specification-title ShrinkWrap API Medium Product pom groupid jboss.shrinkwrap Low Product pom description Client View of the ShrinkWrap Project Medium Product Manifest os-name Linux Medium Product file name shrinkwrap-api High Product pom parent-groupid org.jboss.shrinkwrap Low Product pom artifactid shrinkwrap-api Highest Version pom version 1.2.3 Highest Version Manifest Implementation-Version 1.2.3 High Version file version 1.2.3 Highest
maven: org.jboss.shrinkwrap:shrinkwrap-api:1.2.3 Confidence: Highest

shrinkwrap-spi-1.2.3.jar
Description:
Generic Service Provider Contract of the ShrinkWrap Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/shrinkwrap-spi/1.2.3/shrinkwrap-spi-1.2.3.jar
MD5: edeabb2298579049d625e80269e2910f
SHA1: 1322387bb13a8a062d291d1289647e8c6c022bcd
SHA256: 08fb20a5ac4821a9bef304c956b282bcd4dbc25a89163c9cefb84a12301f2ad8
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name shrinkwrap-spi High Vendor pom groupid jboss.shrinkwrap Highest Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom parent-artifactid shrinkwrap-parent Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor pom groupid org.jboss.shrinkwrap Highest Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-spi Low Vendor pom name ShrinkWrap SPI High Vendor pom description Generic Service Provider Contract of the ShrinkWrap Project Medium Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap Medium Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom parent-groupid org.jboss.shrinkwrap Medium Vendor pom artifactid shrinkwrap-spi Low Product file name shrinkwrap-spi High Product Manifest Implementation-Title ShrinkWrap SPI High Product pom parent-artifactid shrinkwrap-parent Medium Product pom artifactid shrinkwrap-spi Highest Product pom groupid jboss.shrinkwrap Low Product Manifest os-name Linux Medium Product Manifest specification-title ShrinkWrap SPI Medium Product pom parent-groupid org.jboss.shrinkwrap Low Product Manifest implementation-url http://www.jboss.org/shrinkwrap-spi Low Product pom name ShrinkWrap SPI High Product pom description Generic Service Provider Contract of the ShrinkWrap Project Medium Version pom version 1.2.3 Highest Version Manifest Implementation-Version 1.2.3 High Version file version 1.2.3 Highest
maven: org.jboss.shrinkwrap:shrinkwrap-spi:1.2.3 Confidence: Highest

shrinkwrap-impl-base-1.2.3.jar
Description:
Common Base for Implementations of the ShrinkWrap Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/shrinkwrap-impl-base/1.2.3/shrinkwrap-impl-base-1.2.3.jar
MD5: 521b07410577d096e71d0cb04d9a4fff
SHA1: 448a61e4c8c6f6fcf61ab25b04811bba23cb4888
SHA256: 5d5e0a2cc72dee9b500509e074ce527048ef0918757895c95cdb9fc67f12b922
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid jboss.shrinkwrap Highest Vendor pom description Common Base for Implementations of the ShrinkWrap Project Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-impl-base Low Vendor pom name ShrinkWrap Implementation Base High Vendor pom parent-artifactid shrinkwrap-parent Low Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor pom groupid org.jboss.shrinkwrap Highest Vendor file name shrinkwrap-impl-base High Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap Medium Vendor pom artifactid shrinkwrap-impl-base Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom parent-groupid org.jboss.shrinkwrap Medium Product file name shrinkwrap-impl-base High Product pom description Common Base for Implementations of the ShrinkWrap Project Medium Product Manifest implementation-url http://www.jboss.org/shrinkwrap-impl-base Low Product pom parent-artifactid shrinkwrap-parent Medium Product pom name ShrinkWrap Implementation Base High Product pom groupid jboss.shrinkwrap Low Product Manifest specification-title ShrinkWrap Implementation Base Medium Product Manifest os-name Linux Medium Product pom artifactid shrinkwrap-impl-base Highest Product Manifest Implementation-Title ShrinkWrap Implementation Base High Product pom parent-groupid org.jboss.shrinkwrap Low Version pom version 1.2.3 Highest Version Manifest Implementation-Version 1.2.3 High Version file version 1.2.3 Highest
maven: org.jboss.shrinkwrap:shrinkwrap-impl-base:1.2.3 Confidence: Highest

shrinkwrap-descriptors-api-base-2.0.0-alpha-8.jar
Description:
Base for Client View of the ShrinkWrap Descriptors Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/descriptors/shrinkwrap-descriptors-api-base/2.0.0-alpha-8/shrinkwrap-descriptors-api-base-2.0.0-alpha-8.jar
MD5: d75df77895cd1bfb13efafbdcd74385d
SHA1: 7f446d32e508ee54201c93318c72eef2ffb87e24
SHA256: 0b7fad7d58ded231614104febeb05eabd3d5e9c329a1f1f10f0af7bc7201be35
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Vendor file name shrinkwrap-descriptors-api-base High Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom description Base for Client View of the ShrinkWrap Descriptors Project Medium Vendor pom groupid jboss.shrinkwrap.descriptors Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor pom name ShrinkWrap Descriptors API Base High Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap.descriptors Medium Vendor pom parent-artifactid shrinkwrap-descriptors-parent Low Vendor pom parent-groupid org.jboss.shrinkwrap.descriptors Medium Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-api-base Low Vendor pom groupid org.jboss.shrinkwrap.descriptors Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom artifactid shrinkwrap-descriptors-api-base Low Product Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Product file name shrinkwrap-descriptors-api-base High Product pom description Base for Client View of the ShrinkWrap Descriptors Project Medium Product pom artifactid shrinkwrap-descriptors-api-base Highest Product Manifest specification-title ShrinkWrap Descriptors API Base Medium Product pom parent-groupid org.jboss.shrinkwrap.descriptors Low Product Manifest os-name Linux Medium Product pom name ShrinkWrap Descriptors API Base High Product pom parent-artifactid shrinkwrap-descriptors-parent Medium Product Manifest Implementation-Title ShrinkWrap Descriptors API Base High Product pom groupid jboss.shrinkwrap.descriptors Low Product Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-api-base Low Version pom version 2.0.0-alpha-8 Highest Version Manifest Implementation-Version 2.0.0-alpha-8 High
maven: org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-base:2.0.0-alpha-8 Confidence: Highest

shrinkwrap-descriptors-api-javaee-2.0.0-alpha-8.jar
Description:
Client View of the ShrinkWrap Descriptors Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/descriptors/shrinkwrap-descriptors-api-javaee/2.0.0-alpha-8/shrinkwrap-descriptors-api-javaee-2.0.0-alpha-8.jar
MD5: 668b04e3cd4b0fb36e1272220e52c629
SHA1: feb1bdc6adf287616efeed76684e4ce51ae9aa99
SHA256: 1cc485db273b2b7f6f092f71a4506200ae50df258f9a3b69ff11b6455b962961
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.shrinkwrap.descriptors Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap.descriptors Medium Vendor pom parent-artifactid shrinkwrap-descriptors-parent Low Vendor pom parent-groupid org.jboss.shrinkwrap.descriptors Medium Vendor pom groupid org.jboss.shrinkwrap.descriptors Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor pom artifactid shrinkwrap-descriptors-api-javaee Low Vendor pom description Client View of the ShrinkWrap Descriptors Project Medium Vendor file name shrinkwrap-descriptors-api-javaee High Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-api-javaee Low Vendor pom name ShrinkWrap Descriptors Generated Java EE API High Product Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Product pom parent-groupid org.jboss.shrinkwrap.descriptors Low Product Manifest os-name Linux Medium Product pom parent-artifactid shrinkwrap-descriptors-parent Medium Product pom groupid jboss.shrinkwrap.descriptors Low Product Manifest Implementation-Title ShrinkWrap Descriptors Generated Java EE API High Product pom artifactid shrinkwrap-descriptors-api-javaee Highest Product Manifest specification-title ShrinkWrap Descriptors Generated Java EE API Medium Product pom description Client View of the ShrinkWrap Descriptors Project Medium Product file name shrinkwrap-descriptors-api-javaee High Product Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-api-javaee Low Product pom name ShrinkWrap Descriptors Generated Java EE API High Version pom version 2.0.0-alpha-8 Highest Version Manifest Implementation-Version 2.0.0-alpha-8 High
maven: org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-api-javaee:2.0.0-alpha-8 Confidence: Highest

shrinkwrap-descriptors-spi-2.0.0-alpha-8.jar
Description:
Service Provider Interface of the ShrinkWrap Descriptors Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/descriptors/shrinkwrap-descriptors-spi/2.0.0-alpha-8/shrinkwrap-descriptors-spi-2.0.0-alpha-8.jar
MD5: 6e306734f6043b04440c9434ab6a135d
SHA1: fca9a421a27ddf52cc255c4d360d9b7c70689d05
SHA256: bd0ec013c62f67727a0ea54326a2592ca83fac9a467ba442654c4f0dce847146
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.shrinkwrap.descriptors Highest Vendor pom description Service Provider Interface of the ShrinkWrap Descriptors Project Medium Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap.descriptors Medium Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-spi Low Vendor pom parent-artifactid shrinkwrap-descriptors-parent Low Vendor pom parent-groupid org.jboss.shrinkwrap.descriptors Medium Vendor pom name ShrinkWrap Descriptors SPI High Vendor file name shrinkwrap-descriptors-spi High Vendor pom groupid org.jboss.shrinkwrap.descriptors Highest Vendor pom artifactid shrinkwrap-descriptors-spi Low Vendor Manifest Implementation-Vendor JBoss by Red Hat High Product Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Product Manifest specification-title ShrinkWrap Descriptors SPI Medium Product Manifest Implementation-Title ShrinkWrap Descriptors SPI High Product pom parent-groupid org.jboss.shrinkwrap.descriptors Low Product pom description Service Provider Interface of the ShrinkWrap Descriptors Project Medium Product Manifest os-name Linux Medium Product pom parent-artifactid shrinkwrap-descriptors-parent Medium Product Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-spi Low Product pom name ShrinkWrap Descriptors SPI High Product pom groupid jboss.shrinkwrap.descriptors Low Product file name shrinkwrap-descriptors-spi High Product pom artifactid shrinkwrap-descriptors-spi Highest Version pom version 2.0.0-alpha-8 Highest Version Manifest Implementation-Version 2.0.0-alpha-8 High
maven: org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-spi:2.0.0-alpha-8 Confidence: Highest

shrinkwrap-descriptors-impl-base-2.0.0-alpha-8.jar
Description:
Implementation of the ShrinkWrap Descriptors Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/descriptors/shrinkwrap-descriptors-impl-base/2.0.0-alpha-8/shrinkwrap-descriptors-impl-base-2.0.0-alpha-8.jar
MD5: f4c4da51805683dd9128ce88d44298cd
SHA1: 9b2017df39cb9bcf9acad21b07b473bf7862a9a6
SHA256: 2ea8e7c5469c00f9062ab7860362d3343fd39ab8a6a1bc210ac6100caa13ce1c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-impl-base Low Vendor pom description Implementation of the ShrinkWrap Descriptors Project Medium Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor pom groupid jboss.shrinkwrap.descriptors Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor pom artifactid shrinkwrap-descriptors-impl-base Low Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap.descriptors Medium Vendor pom parent-artifactid shrinkwrap-descriptors-parent Low Vendor pom parent-groupid org.jboss.shrinkwrap.descriptors Medium Vendor pom name ShrinkWrap Descriptors Implementation High Vendor pom groupid org.jboss.shrinkwrap.descriptors Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Vendor file name shrinkwrap-descriptors-impl-base High Product Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Product Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-impl-base Low Product pom description Implementation of the ShrinkWrap Descriptors Project Medium Product pom artifactid shrinkwrap-descriptors-impl-base Highest Product Manifest specification-title ShrinkWrap Descriptors Implementation Medium Product pom parent-groupid org.jboss.shrinkwrap.descriptors Low Product Manifest os-name Linux Medium Product pom parent-artifactid shrinkwrap-descriptors-parent Medium Product pom groupid jboss.shrinkwrap.descriptors Low Product pom name ShrinkWrap Descriptors Implementation High Product Manifest Implementation-Title ShrinkWrap Descriptors Implementation High Product file name shrinkwrap-descriptors-impl-base High Version pom version 2.0.0-alpha-8 Highest Version Manifest Implementation-Version 2.0.0-alpha-8 High
maven: org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-base:2.0.0-alpha-8 Confidence: Highest

shrinkwrap-descriptors-impl-javaee-2.0.0-alpha-8.jar
Description:
Generated Implementation of the ShrinkWrap Descriptors Project
File Path: /Users/Kevin/.m2/repository/org/jboss/shrinkwrap/descriptors/shrinkwrap-descriptors-impl-javaee/2.0.0-alpha-8/shrinkwrap-descriptors-impl-javaee-2.0.0-alpha-8.jar
MD5: adaeb2eb248bc07138e8c0d677b47fcc
SHA1: 775ee808bcc6dbdc0b4e22dfdf5f45fe286828c7
SHA256: 121194d249c6e64fc3bc54151839c0c93cfc90ceb4b735ad2addeb69e0965014
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Vendor pom name ShrinkWrap Descriptors Generated Java EE Impl High Vendor Manifest specification-vendor JBoss by Red Hat Low Vendor Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-impl-javaee Low Vendor pom description Generated Implementation of the ShrinkWrap Descriptors Project Medium Vendor pom groupid jboss.shrinkwrap.descriptors Highest Vendor Manifest java-vendor Oracle Corporation Medium Vendor Manifest os-name Linux Medium Vendor Manifest Implementation-Vendor-Id org.jboss.shrinkwrap.descriptors Medium Vendor pom parent-artifactid shrinkwrap-descriptors-parent Low Vendor pom parent-groupid org.jboss.shrinkwrap.descriptors Medium Vendor file name shrinkwrap-descriptors-impl-javaee High Vendor pom artifactid shrinkwrap-descriptors-impl-javaee Low Vendor pom groupid org.jboss.shrinkwrap.descriptors Highest Vendor Manifest Implementation-Vendor JBoss by Red Hat High Product Manifest build-timestamp Tue, 29 Sep 2015 21:44:06 +0200 Low Product pom name ShrinkWrap Descriptors Generated Java EE Impl High Product Manifest implementation-url http://www.jboss.org/shrinkwrap-descriptors-impl-javaee Low Product pom description Generated Implementation of the ShrinkWrap Descriptors Project Medium Product pom parent-groupid org.jboss.shrinkwrap.descriptors Low Product Manifest Implementation-Title ShrinkWrap Descriptors Generated Java EE Impl High Product Manifest os-name Linux Medium Product pom artifactid shrinkwrap-descriptors-impl-javaee Highest Product pom parent-artifactid shrinkwrap-descriptors-parent Medium Product Manifest specification-title ShrinkWrap Descriptors Generated Java EE Impl Medium Product file name shrinkwrap-descriptors-impl-javaee High Product pom groupid jboss.shrinkwrap.descriptors Low Version pom version 2.0.0-alpha-8 Highest Version Manifest Implementation-Version 2.0.0-alpha-8 High
maven: org.jboss.shrinkwrap.descriptors:shrinkwrap-descriptors-impl-javaee:2.0.0-alpha-8 Confidence: Highest

jericho-html-3.2.jar
Description:
Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognised or invalid HTML.
License:
GNU Lesser General Public License (LGPL): http://www.gnu.org/licenses/lgpl.txt
Eclipse Public License (EPL): http://www.eclipse.org/legal/epl-v10.html
File Path: /Users/Kevin/.m2/repository/net/htmlparser/jericho/jericho-html/3.2/jericho-html-3.2.jar
MD5: a8d9b91b1eac14db742d66673167f157
SHA1: b8385d9836562d75df8445db00c7e9c50459af9f
SHA256: cff62270e35f90df7e5797626c62546c1a3d6ce67ae154fc94c297e2db5a47cf
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom url http://jericho.htmlparser.net Highest Vendor file name jericho-html High Vendor pom description Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognised or invalid HTML. Low Vendor jar package name net Low Vendor jar package name jericho Low Vendor pom name Jericho HTML Parser High Vendor jar package name htmlparser Low Vendor pom groupid net.htmlparser.jericho Highest Vendor pom artifactid jericho-html Low Product file name jericho-html High Product pom description Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognised or invalid HTML. Low Product pom artifactid jericho-html Highest Product pom groupid net.htmlparser.jericho Low Product jar package name jericho Low Product pom name Jericho HTML Parser High Product jar package name htmlparser Low Product pom url http://jericho.htmlparser.net Medium Version pom version 3.2 Highest Version file version 3.2 Highest
maven: net.htmlparser.jericho:jericho-html:3.2 Confidence: Highest

zip4j-1.3.2.jar
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/net/lingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar
MD5: 67577b0541256ea89d15e0edb6d2a7b8
SHA1: 4ba84e98ee017b74cb52f45962f929a221f3074c
SHA256: c67098d430c574311432728ebd4c7c45672f9ccf5c64702eb6afb8816c22ad08
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor file name zip4j High Vendor Manifest bundle-symbolicname net.lingala.zip4j Medium Vendor pom groupid net.lingala.zip4j Highest Vendor pom artifactid zip4j Low Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product pom artifactid zip4j Highest Product pom groupid net.lingala.zip4j Low Product Manifest Bundle-Name Zip4j Medium Product file name zip4j High Product Manifest bundle-symbolicname net.lingala.zip4j Medium Version pom version 1.3.2 Highest Version file version 1.3.2 Highest
maven: net.lingala.zip4j:zip4j:1.3.2 Confidence: Highest

joda-time-2.9.2.jar
Description:
Date and time library to replace JDK date handling
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/joda-time/joda-time/2.9.2/joda-time-2.9.2.jar
MD5: 32a794b6a820daf3fad92e59988df64c
SHA1: 36d6e77a419cb455e6fd5909f6f96b168e21e9d0
SHA256: 0be5c40e8cdce9ec0643d76be99f276db17c45d7616a217fd1b19b7ef73ca7b1
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name joda-time Medium Vendor pom name Joda-Time High Vendor Manifest specification-vendor Joda.org Low Vendor pom url http://www.joda.org/joda-time/ Highest Vendor file name joda-time High Vendor pom groupid joda-time Highest Vendor pom description Date and time library to replace JDK date handling Medium Vendor Manifest Implementation-Vendor-Id org.joda Medium Vendor pom organization name Joda.org High Vendor Manifest Implementation-Vendor Joda.org High Vendor Manifest bundle-symbolicname joda-time Medium Vendor pom artifactid joda-time Low Vendor pom organization url http://www.joda.org Medium Vendor Manifest bundle-docurl http://www.joda.org/joda-time/ Low Vendor Manifest implementation-url http://www.joda.org/joda-time/ Low Product pom artifactid joda-time Highest Product Manifest extension-name joda-time Medium Product pom name Joda-Time High Product file name joda-time High Product pom groupid joda-time Low Product pom organization name Joda.org Low Product Manifest Bundle-Name Joda-Time Medium Product pom description Date and time library to replace JDK date handling Medium Product Manifest specification-title Joda-Time Medium Product pom organization url http://www.joda.org Low Product Manifest bundle-symbolicname joda-time Medium Product pom url http://www.joda.org/joda-time/ Medium Product Manifest bundle-docurl http://www.joda.org/joda-time/ Low Product Manifest implementation-url http://www.joda.org/joda-time/ Low Product Manifest Implementation-Title org.joda.time High Version Manifest Implementation-Version 2.9.2 High Version file version 2.9.2 Highest Version pom version 2.9.2 Highest
maven: joda-time:joda-time:2.9.2 Confidence: Highest

jetty-jndi-9.2.15.v20160210.jar
Description:
JNDI spi impl for java namespace.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-jndi/9.2.15.v20160210/jetty-jndi-9.2.15.v20160210.jar
MD5: cba333b9e7a94f7d5f321ad9a91e4622
SHA1: 6e09b5428a8c53d0f66fd7a20064fa7973b0cbbe
SHA256: 9448eb94f331916ee58912fa7ee793ef27ec2219a7450dc52c76a1a78da51708
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor manifest Bundle-Description JNDI spi impl for java namespace. Medium Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom artifactid jetty-jndi Low Vendor pom groupid org.eclipse.jetty Highest Vendor file name jetty-jndi High Vendor pom name Jetty :: JNDI Naming High Vendor Manifest bundle-copyright Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor pom groupid eclipse.jetty Highest Vendor pom parent-artifactid jetty-project Low Vendor pom description JNDI spi impl for java namespace. Medium Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.jndi Medium Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom parent-groupid org.eclipse.jetty Medium Vendor pom url http://www.eclipse.org/jetty Highest Product manifest Bundle-Description JNDI spi impl for java namespace. Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest Bundle-Name Jetty :: JNDI Naming Medium Product file name jetty-jndi High Product pom name Jetty :: JNDI Naming High Product Manifest bundle-copyright Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. Low Product pom artifactid jetty-jndi Highest Product pom description JNDI spi impl for java namespace. Medium Product pom url http://www.eclipse.org/jetty Medium Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest bundle-symbolicname org.eclipse.jetty.jndi Medium Product Manifest url http://www.eclipse.org/jetty Low Product pom groupid eclipse.jetty Low Product pom parent-artifactid jetty-project Medium Product pom parent-groupid org.eclipse.jetty Low Version file version 9.2.15.v20160210 Highest Version Manifest Implementation-Version 9.2.15.v20160210 High Version pom version 9.2.15.v20160210 Highest
Related Dependencies

jetty-server-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-server/9.2.15.v20160210/jetty-server-9.2.15.v20160210.jar
MD5: 1ffa8bbb035583e9483d373faaad7036
SHA1: d1d354d811e3a0ed4464866cf8248a884ec6c431
SHA256: 969d9061442647818121213859f66370beabef0fdb846b4c717fd9b2ab81bc81

jetty-plus-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-plus/9.2.15.v20160210/jetty-plus-9.2.15.v20160210.jar
MD5: 18d9cfa9e3cb267c26bcb08f0604de5e
SHA1: e7a8d81cfe45775d6f0e6e8178fe0891960fc554
SHA256: 4d1b4f10b2528d22032f1f0f275661c65649066e3bba43870c62466599e2ef5a

jetty-servlet-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-servlet/9.2.15.v20160210/jetty-servlet-9.2.15.v20160210.jar
MD5: ec7880210971eba477fe398f5436c5f5
SHA1: 17fd3313e5e83b48b91394cc32bf90e09fa6eacf
SHA256: 3ff627116e8a712fdab28ff345aaafd75ab60d87364ee7be290791646e9715c3

jetty-annotations-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-annotations/9.2.15.v20160210/jetty-annotations-9.2.15.v20160210.jar
MD5: 099055fea493266b261a960a86c0babd
SHA1: c05df548a9a1b381d828d468802a9ed1a2f28b18
SHA256: cd1e6ca8f172566239d096a2d7cf72c1eae80c5fd737ac0e185de27ed1481de3

jetty-webapp-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-webapp/9.2.15.v20160210/jetty-webapp-9.2.15.v20160210.jar
MD5: 241d090b5e15f365299a2073f4498a3f
SHA1: 3bd2fcdd1a061fc683bf18f00f7984b12a23a70e
SHA256: 04561bc8b3a328a4ce55818d78ed35fdf80d510bfbd35e1f4d3449f2c36210b7

jetty-servlets-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-servlets/9.2.15.v20160210/jetty-servlets-9.2.15.v20160210.jar
MD5: 8852748f2a0b537826a80998179bf19b
SHA1: 5f3537608e3d455a6b36b0b5b5f59a833f41aef9
SHA256: 787d025b1ba5c633c001e1d28a55295d635b3116a142fbf8cc29149aa07c207c

cpe: cpe:/a:jetty:jetty:9.2.15.v20160210 Confidence: Low
cpe: cpe:/a:eclipse:jetty:9.2.15.v20160210 Confidence: Low
maven: org.eclipse.jetty:jetty-jndi:9.2.15.v20160210 Confidence: Highest

Published Vulnerabilities

CVE-2017-7656
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Vulnerable Software & Versions:

CVE-2017-7657
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
Vulnerable Software & Versions:

CVE-2017-7658
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-19 Data Processing Errors
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
Vulnerable Software & Versions:

CVE-2017-9735
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. Vulnerable Software & Versions:
javax.annotation-api-1.2.jar
Description: Common Annotations for the JavaTM Platform API
License: CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/Kevin/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256: 5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor pom organization name GlassFish Community High Vendor manifest Bundle-Description Java(TM) Common Annotations 1.2 API Design Specification Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom artifactid javax.annotation-api Low Vendor Manifest Implementation-Vendor GlassFish Community High Vendor Manifest extension-name javax.annotation Medium Vendor pom url http://jcp.org/en/jsr/detail?id=250 Highest Vendor file name javax.annotation-api High Vendor pom name ${extension.name} API High Vendor pom description Common Annotations for the JavaTM Platform API Medium Vendor pom parent-artifactid jvnet-parent Low Vendor Manifest bundle-symbolicname javax.annotation-api Medium Vendor pom groupid javax.annotation Highest Vendor pom parent-groupid net.java Medium Vendor Manifest bundle-docurl https://glassfish.java.net Low Vendor pom organization url https://glassfish.java.net Medium Product pom artifactid javax.annotation-api Highest Product pom parent-groupid net.java Low Product pom groupid javax.annotation Low Product manifest Bundle-Description Java(TM) Common Annotations 1.2 API Design Specification Medium Product pom organization name GlassFish Community Low Product Manifest Bundle-Name javax.annotation API Medium Product Manifest extension-name javax.annotation Medium Product file name javax.annotation-api High Product pom name ${extension.name} API High Product pom description Common Annotations for the JavaTM Platform API Medium Product pom parent-artifactid jvnet-parent Medium Product Manifest bundle-symbolicname javax.annotation-api Medium Product pom url http://jcp.org/en/jsr/detail?id=250 Medium Product Manifest bundle-docurl https://glassfish.java.net Low Product pom organization url https://glassfish.java.net Low Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 Highest
maven: javax.annotation:javax.annotation-api:1.2 Confidence: Highest
jetty-schemas-3.1.M0.jar
Description: Administrative parent pom for Jetty modules
License: http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/toolchain/jetty-schemas/3.1.M0/jetty-schemas-3.1.M0.jar
MD5: 163aba653172131b21223b87ce5abf29
SHA1: 6179bafb6ed2eb029862356df6713078c7874f85
SHA256: bb94452226bf103848614948c88f44d1057c2d9203d53affc1c9057a16223907
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.eclipse.jetty.toolchain Medium Vendor pom artifactid jetty-schemas Low Vendor file name jetty-schemas High Vendor manifest Bundle-Description Administrative parent pom for Jetty modules Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor pom groupid org.eclipse.jetty.toolchain Highest Vendor pom parent-artifactid jetty-toolchain Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.schemas;singleton:=true Medium Vendor Manifest bundle-docurl http://www.mortbay.com Low Vendor pom name Jetty :: Schemas High Vendor pom groupid eclipse.jetty.toolchain Highest Product pom parent-artifactid jetty-toolchain Medium Product file name jetty-schemas High Product manifest Bundle-Description Administrative parent pom for Jetty modules Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product pom parent-groupid org.eclipse.jetty.toolchain Low Product pom groupid eclipse.jetty.toolchain Low Product Manifest bundle-symbolicname org.eclipse.jetty.schemas;singleton:=true Medium Product Manifest bundle-docurl http://www.mortbay.com Low Product Manifest Bundle-Name Jetty Servlet Schemas Medium Product pom name Jetty :: Schemas High Product pom artifactid jetty-schemas Highest Version file version 3.1.m0 Highest Version pom version 3.1.M0 Highest
maven: org.eclipse.jetty.toolchain:jetty-schemas:3.1.M0 Confidence: Highest
apache-el-8.0.9.M3.jar
Description: A rebundling of Apache Tomcat Jasper to remove the tomcat server dependencies, so that the JSP engine can be used by the Eclipse Jetty project.
License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/Kevin/.m2/repository/org/mortbay/jasper/apache-el/8.0.9.M3/apache-el-8.0.9.M3.jar
MD5: 1df9a4b4e119cd3d092c92e0f51f2dce
SHA1: 98daa71c32b7d27dd9463b36de9cebab3f2e5e2e
SHA256: e55df966c864f749becd6f9fbd896e062935650a99880438ffef7b2614d59fc5
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom groupid org.mortbay.jasper Highest Vendor pom groupid mortbay.jasper Highest Vendor pom parent-groupid org.mortbay.jasper Medium Vendor Manifest bundle-symbolicname org.mortbay.jasper.apache-el Medium Vendor file name apache-el High Vendor pom parent-artifactid jasper-jsp Low Vendor Manifest bundle-docurl http://www.mortbay.com Low Vendor pom name MortBay :: Apache EL :: API and Implementation High Vendor manifest Bundle-Description A rebundling of Apache Tomcat Jasper to remove the tomcat server dependencies, so that the JSP engine can be used by the Eclipse Jetty project. Low Vendor pom artifactid apache-el Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product pom parent-artifactid jasper-jsp Medium Product pom groupid mortbay.jasper Low Product pom parent-groupid org.mortbay.jasper Low Product pom artifactid apache-el Highest Product Manifest bundle-symbolicname org.mortbay.jasper.apache-el Medium Product file name apache-el High Product Manifest bundle-docurl http://www.mortbay.com Low Product pom name MortBay :: Apache EL :: API and Implementation High Product manifest Bundle-Description A rebundling of Apache Tomcat Jasper to remove the tomcat server dependencies, so that the JSP engine can be used by the Eclipse Jetty project. Low Product Manifest Bundle-Name Mortbay EL API and Implementation Medium Version file version 8.0.9.m3 Highest Version pom version 8.0.9.M3 Highest
maven: org.mortbay.jasper:apache-el:8.0.9.M3 Confidence: Highest
cpe: cpe:/a:apache_tomcat:apache_tomcat:8.0.9.m3 Confidence: Low
apache-jsp-8.0.9.M3.jar
Description: A rebundling of Apache Tomcat Jasper to remove the tomcat server dependencies, so that the JSP engine can be used by the Eclipse Jetty project.
License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/Kevin/.m2/repository/org/mortbay/jasper/apache-jsp/8.0.9.M3/apache-jsp-8.0.9.M3.jar
MD5: 9ad2032b63ceb54659c50fd5e733391a
SHA1: 0e46309f2423c0d7321cc2a0928f4e411b82aee9
SHA256: 0c154c190b7e75530e7b0b015a370343e9e5ae80550d7d1e8c12f33725df66ec
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom groupid org.mortbay.jasper Highest Vendor pom groupid mortbay.jasper Highest Vendor file name apache-jsp High Vendor pom parent-groupid org.mortbay.jasper Medium Vendor pom name MortBay :: Apache Jasper :: JSP Implementation High Vendor pom parent-artifactid jasper-jsp Low Vendor Manifest bundle-docurl http://www.mortbay.com Low Vendor Manifest bundle-symbolicname org.mortbay.jasper.apache-jsp Medium Vendor manifest Bundle-Description A rebundling of Apache Tomcat Jasper to remove the tomcat server dependencies, so that the JSP engine can be used by the Eclipse Jetty project. Low Vendor pom artifactid apache-jsp Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product pom parent-artifactid jasper-jsp Medium Product file name apache-jsp High Product pom groupid mortbay.jasper Low Product pom parent-groupid org.mortbay.jasper Low Product pom artifactid apache-jsp Highest Product pom name MortBay :: Apache Jasper :: JSP Implementation High Product Manifest Bundle-Name Mortbay Jasper Medium Product Manifest bundle-docurl http://www.mortbay.com Low Product Manifest bundle-symbolicname org.mortbay.jasper.apache-jsp Medium Product manifest Bundle-Description A rebundling of Apache Tomcat Jasper to remove the tomcat server dependencies, so that the JSP engine can be used by the Eclipse Jetty project. Low Version file version 8.0.9.m3 Highest Version pom version 8.0.9.M3 Highest
cpe: cpe:/a:apache_tomcat:apache_tomcat:8.0.9.m3 Confidence: Low
cpe: cpe:/a:jasper_project:jasper:8.0.9.m3 Confidence: Low
maven: org.mortbay.jasper:apache-jsp:8.0.9.M3 Confidence: Highest
org.eclipse.jdt.core-3.8.2.v20130121.jar
Description: This artifact originates from the Eclipse Project at Eclipse, it is an osgi bundle and is signed as well. Originally: org.eclipse.jdt.core.compiler.batch_3.8.2.v20130121-145325
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/orbit/org.eclipse.jdt.core/3.8.2.v20130121/org.eclipse.jdt.core-3.8.2.v20130121.jar
MD5: bbcc2904953263282f55ebb3b8cfbc95
SHA1: ebb04771ae21dec8682e4153e97404d9933a9c13
SHA256: fc38504b81078d4a39e4f037bf635b9183a4e313d2d23b0f7be8a21f2ac8ab98
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description This artifact originates from the Eclipse Project at Eclipse, it is an osgi bundle and is signed as well. Originally: org.eclipse.jdt.core.compiler.batch_3.8.2.v20130121-145325 Low Vendor pom groupid org.eclipse.jetty.orbit Highest Vendor pom artifactid eclipse.jdt.core Low Vendor Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium Vendor pom parent-groupid org.eclipse.jetty.orbit Medium Vendor file name org.eclipse.jdt.core High Vendor pom parent-artifactid jetty-orbit Low Vendor pom groupid eclipse.jetty.orbit Highest Vendor pom name Jetty Orbit :: JDT Compiler High Product pom artifactid org.eclipse.jdt.core Highest Product pom description This artifact originates from the Eclipse Project at Eclipse, it is an osgi bundle and is signed as well. Originally: org.eclipse.jdt.core.compiler.batch_3.8.2.v20130121-145325 Low Product pom groupid eclipse.jetty.orbit Low Product Manifest Bundle-Name Eclipse Compiler for Java(TM) Medium Product pom parent-groupid org.eclipse.jetty.orbit Low Product Manifest bundle-symbolicname org.eclipse.jdt.core.compiler.batch Medium Product pom parent-artifactid jetty-orbit Medium Product file name org.eclipse.jdt.core High Product pom artifactid eclipse.jdt.core Highest Product pom name Jetty Orbit :: JDT Compiler High Version file version 3.8.2.v20130121 Highest Version pom version 3.8.2.v20130121 Highest
maven: org.eclipse.jetty.orbit:org.eclipse.jdt.core:3.8.2.v20130121 Confidence: Highest
cpe: cpe:/a:eclipse:jetty:3.8.2.v20130121 Confidence: Low
cpe: cpe:/a:jetty:jetty:3.8.2.v20130121 Confidence: Low
Published Vulnerabilities
CVE-2017-7656
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
CVE-2017-7657
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CVE-2017-7658
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-19 Data Processing Errors
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CVE-2017-9735
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
apache-jsp-9.2.15.v20160210.jar
Description: Jetty-specific ServletContainerInitializer for Jasper
License: http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/apache-jsp/9.2.15.v20160210/apache-jsp-9.2.15.v20160210.jar
MD5: 136f4f799c49dcc361176415ebeb8992
SHA1: 8989a61eeb3e415131196a24dec8317da3ca136d
SHA256: ac352dd03ef66e63a45ca24d0c00076f0622f06b4fab73b69d1625ac53af4d5b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom groupid org.eclipse.jetty Highest Vendor Manifest bundle-copyright Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. Low Vendor pom artifactid apache-jsp Low Vendor Manifest bundle-symbolicname org.eclipse.jetty.apache-jsp Medium Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor pom groupid eclipse.jetty Highest Vendor pom parent-artifactid jetty-project Low Vendor file name apache-jsp High Vendor Manifest provide-capability osgi.serviceloader; osgi.serviceloader=javax.servlet.ServletContainerInitializer Low Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom name Jetty :: Apache JSP Implementation High Vendor pom parent-groupid org.eclipse.jetty Medium Vendor pom url http://www.eclipse.org/jetty Highest Vendor manifest Bundle-Description Jetty-specific ServletContainerInitializer for Jasper Medium Vendor Manifest require-capability osgi.extender; filter:="(osgi.extender=osgi.serviceloader.registrar)" Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product Manifest bundle-copyright Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. 
Low Product Manifest bundle-symbolicname org.eclipse.jetty.apache-jsp Medium Product file name apache-jsp High Product Manifest provide-capability osgi.serviceloader; osgi.serviceloader=javax.servlet.ServletContainerInitializer Low Product pom url http://www.eclipse.org/jetty Medium Product pom artifactid apache-jsp Highest Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product Manifest url http://www.eclipse.org/jetty Low Product pom groupid eclipse.jetty Low Product pom name Jetty :: Apache JSP Implementation High Product pom parent-artifactid jetty-project Medium Product pom parent-groupid org.eclipse.jetty Low Product Manifest Bundle-Name Jetty :: Apache JSP Implementation Medium Product manifest Bundle-Description Jetty-specific ServletContainerInitializer for Jasper Medium Product Manifest require-capability osgi.extender; filter:="(osgi.extender=osgi.serviceloader.registrar)" Low Version file version 9.2.15.v20160210 Highest Version Manifest Implementation-Version 9.2.15.v20160210 High Version pom version 9.2.15.v20160210 Highest
cpe: cpe:/a:jetty:jetty:9.2.15.v20160210 Confidence: Low
cpe: cpe:/a:eclipse:jetty:9.2.15.v20160210 Confidence: Low
maven: org.eclipse.jetty:apache-jsp:9.2.15.v20160210 Confidence: Highest
Published Vulnerabilities
CVE-2017-7656
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
CVE-2017-7657
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CVE-2017-7658
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-19 Data Processing Errors
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CVE-2017-9735
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
taglibs-standard-spec-1.2.1.jar
Description: An implementation of the JSP Standard Tag Library (JSTL) Specification API.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/taglibs/taglibs-standard-spec/1.2.1/taglibs-standard-spec-1.2.1.jar
MD5: 5948855e1b1a8048907ce84a6cb17de8
SHA1: 32aa0d038dd1e3a4c4e8ecc3c14733c6f54bef3b
SHA256: b30b47704352230a1af056048e9185ac84f426ded3794f8fbc85494ee69579e2
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid taglibs-standard-spec Low Vendor pom groupid org.apache.taglibs Highest Vendor pom name Apache Standard Taglib Specification API High Vendor pom parent-artifactid taglibs-standard Low Vendor manifest Bundle-Description An implementation of the JSP Standard Tag Library (JSTL) Specification API. Medium Vendor Manifest specification-vendor Sun Microsystems, Inc. Low Vendor pom groupid apache.taglibs Highest Vendor pom description
An implementation of the JSP Standard Tag Library (JSTL) Specification API.
Medium Vendor Manifest bundle-symbolicname org.apache.taglibs.taglibs-standard-spec;singleton=true Medium Vendor Manifest bundle-docurl http://tomcat.apache.org/taglibs/standard-1.2.1/taglibs-standard-spec Low Vendor pom parent-groupid org.apache.taglibs Medium Vendor file name taglibs-standard-spec High Product pom artifactid taglibs-standard-spec Highest Product pom parent-artifactid taglibs-standard Medium Product Manifest Implementation-Title Apache Standard Taglib Specification API High Product Manifest specification-title JSR-052 JavaServer Pages Standard Tag Library Specification Medium Product pom groupid apache.taglibs Low Product pom name Apache Standard Taglib Specification API High Product manifest Bundle-Description An implementation of the JSP Standard Tag Library (JSTL) Specification API. Medium Product pom description
An implementation of the JSP Standard Tag Library (JSTL) Specification API.
Medium Product Manifest bundle-symbolicname org.apache.taglibs.taglibs-standard-spec;singleton=true Medium Product Manifest bundle-docurl http://tomcat.apache.org/taglibs/standard-1.2.1/taglibs-standard-spec Low Product Manifest Bundle-Name Apache Standard Taglib Specification API Medium Product pom parent-groupid org.apache.taglibs Low Product file name taglibs-standard-spec High Version Manifest Implementation-Version 1.2.1 High Version file version 1.2.1 Highest Version pom version 1.2.1 Highest
Related Dependencies
taglibs-standard-impl-1.2.1.jar
File Path: /Users/Kevin/.m2/repository/org/apache/taglibs/taglibs-standard-impl/1.2.1/taglibs-standard-impl-1.2.1.jar
MD5: b268ae1e23396aaa1d4b319124745ca5
SHA1: 707591cd2ac6cc1b6beff4c0439873e03fa3a6b0
SHA256: 821074e8eb3a54c6100c591c9ed0be37bf03748e4caba59d1af1c17552ee5bbd
cpe: cpe:/a:apache:standard_taglibs:1.2.1
Published Vulnerabilities
CVE-2015-0254
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
apache-jstl-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/apache-jstl/9.2.15.v20160210/apache-jstl-9.2.15.v20160210.jar
MD5: 9db9288aa58d4e0a1d63a37fd400c077
SHA1: c4d2ca2cdb2894a766afd6405c2843c4444e4e56
SHA256: 6723e9340ae5a91a8446cd3ddae366b0dae12e31e85f6027be41f17ab68eadaa
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor pom name Apache :: JSTL module High Vendor pom url http://tomcat.apache.org/taglibs/standard/ Highest Vendor pom groupid eclipse.jetty Highest Vendor file name apache-jstl High Vendor pom parent-artifactid jetty-project Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom groupid org.eclipse.jetty Highest Vendor pom parent-groupid org.eclipse.jetty Medium Vendor pom artifactid apache-jstl Low Product pom name Apache :: JSTL module High Product pom url http://tomcat.apache.org/taglibs/standard/ Medium Product file name apache-jstl High Product pom artifactid apache-jstl Highest Product Manifest url http://www.eclipse.org/jetty Low Product pom groupid eclipse.jetty Low Product pom parent-artifactid jetty-project Medium Product pom parent-groupid org.eclipse.jetty Low Version file version 9.2.15.v20160210 Highest Version Manifest Implementation-Version 9.2.15.v20160210 High Version pom version 9.2.15.v20160210 Highest
maven: org.eclipse.jetty:apache-jstl:9.2.15.v20160210 Confidence: Highest
cpe: cpe:/a:apache_tomcat:apache_tomcat:9.2.15.v20160210 Confidence: Low
websocket-common-9.2.15.v20160210.jar
Description: Administrative parent pom for Jetty modules
License: http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/websocket-common/9.2.15.v20160210/websocket-common-9.2.15.v20160210.jar
MD5: d02f4478984ab4b3653e446172d95ac3
SHA1: ee5616ec65d6c8f05fe16ee4dbb6723b2ebff470
SHA256: 5caae59182ebf39ebe6ba41c1ddf713787e0ce1d4300c1f6623e5b1f245ec453
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Vendor pom name Jetty :: Websocket :: Common High Vendor Manifest bundle-copyright Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. Low Vendor Manifest Implementation-Vendor Eclipse.org - Jetty High Vendor Manifest bundle-symbolicname org.eclipse.jetty.websocket.common Medium Vendor pom groupid org.eclipse.jetty.websocket Highest Vendor manifest Bundle-Description Administrative parent pom for Jetty modules Medium Vendor pom parent-groupid org.eclipse.jetty.websocket Medium Vendor pom artifactid websocket-common Low Vendor file name websocket-common High Vendor Manifest bundle-docurl http://www.eclipse.org/jetty Low Vendor pom parent-artifactid websocket-parent Low Vendor Manifest url http://www.eclipse.org/jetty Low Vendor pom groupid eclipse.jetty.websocket Highest Product Manifest bundle-requiredexecutionenvironment JavaSE-1.7 Low Product pom groupid eclipse.jetty.websocket Low Product pom name Jetty :: Websocket :: Common High Product pom artifactid websocket-common Highest Product Manifest bundle-copyright Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. Low Product Manifest Bundle-Name Jetty :: Websocket :: Common Medium Product Manifest bundle-symbolicname org.eclipse.jetty.websocket.common Medium Product manifest Bundle-Description Administrative parent pom for Jetty modules Medium Product file name websocket-common High Product Manifest bundle-docurl http://www.eclipse.org/jetty Low Product pom parent-artifactid websocket-parent Medium Product Manifest url http://www.eclipse.org/jetty Low Product pom parent-groupid org.eclipse.jetty.websocket Low Version file version 9.2.15.v20160210 Highest Version Manifest Implementation-Version 9.2.15.v20160210 High Version pom version 9.2.15.v20160210 Highest
Related Dependencies
websocket-servlet-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/websocket-servlet/9.2.15.v20160210/websocket-servlet-9.2.15.v20160210.jar
MD5: b255ff4e05cc66a7d2d41da0fc006466
SHA1: ca24b1aabde6a3231e4c8b8f3550dadb4abb2628
SHA256: 5c3b732fc844b879b9f984fe20ac3991750a0244fa858ef3dca056b7c6541fc2
websocket-client-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/websocket-client/9.2.15.v20160210/websocket-client-9.2.15.v20160210.jar
MD5: e511ce6ecb9b264b7b14e1a06b870a31
SHA1: ca9769107f3b8111102c5d4f482122dd116fb711
SHA256: caf23ab2f8548700d860d18aae30fa13e15a29a5d2308bac4e6ae444ac2ba098
websocket-server-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/websocket-server/9.2.15.v20160210/websocket-server-9.2.15.v20160210.jar
MD5: f5511e41c7e807f01b14ca8d60817125
SHA1: 51979615ac1cdd9a91e6ef1263be2ed0d187c9c1
SHA256: c9f90e1bdd4914bf78c2103a11956d9afb88eeec4e3ab6d43f545d0509b521ca
maven: org.eclipse.jetty.websocket:websocket-common:9.2.15.v20160210 Confidence: Highest
cpe: cpe:/a:jetty:jetty:9.2.15.v20160210 Confidence: Low
cpe: cpe:/a:eclipse:jetty:9.2.15.v20160210 Confidence: Low
Published Vulnerabilities
CVE-2017-7656
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
CVE-2017-7657
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CVE-2017-7658
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-19 Data Processing Errors
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CVE-2017-9735
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
websocket-api-9.2.15.v20160210.jar
Description: Administrative parent pom for Jetty modules
License: http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/websocket-api/9.2.15.v20160210/websocket-api-9.2.15.v20160210.jar
MD5: ed9937a137a90d8e49fa1c71b0db6346
SHA1: f0340017129a65097824dd62a04b3c887f397dd9
SHA256: 2ad5ab7d46a22e9f50987dcb59da0d9ebbc353359f724c66cb06bc13fb6df1c6
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.7 | Low
Vendor | pom | name | Jetty :: Websocket :: API | High
Vendor | pom | artifactid | websocket-api | Low
Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.websocket.api | Medium
Vendor | file | name | websocket-api | High
Vendor | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Vendor | Manifest | Implementation-Vendor | Eclipse.org - Jetty | High
Vendor | pom | groupid | org.eclipse.jetty.websocket | Highest
Vendor | manifest | Bundle-Description | Administrative parent pom for Jetty modules | Medium
Vendor | pom | parent-groupid | org.eclipse.jetty.websocket | Medium
Vendor | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Vendor | pom | parent-artifactid | websocket-parent | Low
Vendor | Manifest | url | http://www.eclipse.org/jetty | Low
Vendor | pom | groupid | eclipse.jetty.websocket | Highest
Product | pom | artifactid | websocket-api | Highest
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.7 | Low
Product | pom | name | Jetty :: Websocket :: API | High
Product | pom | groupid | eclipse.jetty.websocket | Low
Product | Manifest | bundle-symbolicname | org.eclipse.jetty.websocket.api | Medium
Product | file | name | websocket-api | High
Product | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Product | manifest | Bundle-Description | Administrative parent pom for Jetty modules | Medium
Product | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Product | pom | parent-artifactid | websocket-parent | Medium
Product | Manifest | url | http://www.eclipse.org/jetty | Low
Product | Manifest | Bundle-Name | Jetty :: Websocket :: API | Medium
Product | pom | parent-groupid | org.eclipse.jetty.websocket | Low
Version | file | version | 9.2.15.v20160210 | Highest
Version | Manifest | Implementation-Version | 9.2.15.v20160210 | High
Version | pom | version | 9.2.15.v20160210 | Highest
maven: org.eclipse.jetty.websocket:websocket-api:9.2.15.v20160210 Confidence: Highest
javax.websocket-api-1.1.jar
Description: JSR 356: Java API for WebSocket
License: https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /Users/Kevin/.m2/repository/javax/websocket/javax.websocket-api/1.1/javax.websocket-api-1.1.jar
MD5: be29e11a4a15742aa6fb418fa46345e3
SHA1: eeeb68631711256418dfbb47b11c731b6c8f6235
SHA256: a260973517bf6411d659b588a719aa27e7e4e47dfbd510fceb5bf1023a2c45e4
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | JSR 356: Java API for WebSocket | Medium
Vendor | Manifest | bundle-symbolicname | javax.websocket-api | Medium
Vendor | pom | artifactid | javax.websocket-api | Low
Vendor | pom | description | JSR 356: Java API for WebSocket | Medium
Vendor | pom | url | http://websocket-spec.java.net | Highest
Vendor | pom | parent-artifactid | javax.websocket-all | Low
Vendor | file | name | javax.websocket-api | High
Vendor | Manifest | bundle-docurl | http://www.oracle.com | Low
Vendor | Manifest | extension-name | javax.websocket | Medium
Vendor | pom | groupid | javax.websocket | Highest
Vendor | pom | name | WebSocket server API | High
Product | pom | description | JSR 356: Java API for WebSocket | Medium
Product | pom | groupid | javax.websocket | Low
Product | Manifest | bundle-docurl | http://www.oracle.com | Low
Product | pom | parent-artifactid | javax.websocket-all | Medium
Product | pom | artifactid | javax.websocket-api | Highest
Product | manifest | Bundle-Description | JSR 356: Java API for WebSocket | Medium
Product | Manifest | bundle-symbolicname | javax.websocket-api | Medium
Product | pom | url | http://websocket-spec.java.net | Medium
Product | file | name | javax.websocket-api | High
Product | Manifest | extension-name | javax.websocket | Medium
Product | Manifest | Bundle-Name | WebSocket server API | Medium
Product | pom | name | WebSocket server API | High
Version | pom | version | 1.1 | Highest
Version | Manifest | Implementation-Version | 1.1 | High
Version | file | version | 1.1 | Highest
maven: javax.websocket:javax.websocket-api:1.1 Confidence: Highest
javax-websocket-server-impl-9.2.15.v20160210.jar
Description: javax.websocket.server Implementation
License: http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/javax-websocket-server-impl/9.2.15.v20160210/javax-websocket-server-impl-9.2.15.v20160210.jar
MD5: 7aae20354f7e514198ef77fea3e5279f
SHA1: 241e7f1fc7fa6ba305f5a268cbe1faf7d12858fd
SHA256: b15394d96713ffd7e22d6d04a2ba1a1b06a732fafab46c117818e7eda9c442a0
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.7 | Low
Vendor | manifest | Bundle-Description | javax.websocket.server Implementation | Medium
Vendor | pom | artifactid | javax-websocket-server-impl | Low
Vendor | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Vendor | Manifest | require-capability | osgi.extender; filter:="(osgi.extender=osgi.serviceloader.registrar)";resolution:=optional | Low
Vendor | Manifest | Implementation-Vendor | Eclipse.org - Jetty | High
Vendor | pom | groupid | org.eclipse.jetty.websocket | Highest
Vendor | pom | parent-groupid | org.eclipse.jetty.websocket | Medium
Vendor | Manifest | provide-capability | osgi.serviceloader; osgi.serviceloader=javax.servlet.ServletContainerInitializer | Low
Vendor | file | name | javax-websocket-server-impl | High
Vendor | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Vendor | pom | parent-artifactid | websocket-parent | Low
Vendor | pom | name | Jetty :: Websocket :: javax.websocket.server :: Server Implementation | High
Vendor | Manifest | url | http://www.eclipse.org/jetty | Low
Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.websocket.javax.websocket.server | Medium
Vendor | pom | groupid | eclipse.jetty.websocket | Highest
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.7 | Low
Product | Manifest | Bundle-Name | Jetty :: Websocket :: javax.websocket.server :: Server Implementation | Medium
Product | manifest | Bundle-Description | javax.websocket.server Implementation | Medium
Product | pom | groupid | eclipse.jetty.websocket | Low
Product | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Product | Manifest | require-capability | osgi.extender; filter:="(osgi.extender=osgi.serviceloader.registrar)";resolution:=optional | Low
Product | pom | artifactid | javax-websocket-server-impl | Highest
Product | Manifest | provide-capability | osgi.serviceloader; osgi.serviceloader=javax.servlet.ServletContainerInitializer | Low
Product | file | name | javax-websocket-server-impl | High
Product | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Product | pom | parent-artifactid | websocket-parent | Medium
Product | pom | name | Jetty :: Websocket :: javax.websocket.server :: Server Implementation | High
Product | Manifest | url | http://www.eclipse.org/jetty | Low
Product | Manifest | bundle-symbolicname | org.eclipse.jetty.websocket.javax.websocket.server | Medium
Product | pom | parent-groupid | org.eclipse.jetty.websocket | Low
Version | file | version | 9.2.15.v20160210 | Highest
Version | Manifest | Implementation-Version | 9.2.15.v20160210 | High
Version | pom | version | 9.2.15.v20160210 | Highest
Related Dependencies
javax-websocket-client-impl-9.2.15.v20160210.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/websocket/javax-websocket-client-impl/9.2.15.v20160210/javax-websocket-client-impl-9.2.15.v20160210.jar
MD5: d1c4b2810175de8c7db2b3323b5803c7
SHA1: 6773cd3e8ca40d19117deb4fbceb93f4e716eb86
SHA256: c007f556b26c7c5bba56a253ef72dfb44cd03f1c34cbe4217fad065cd0526676
cpe: cpe:/a:jetty:jetty:9.2.15.v20160210 Confidence: Low
cpe: cpe:/a:eclipse:jetty:9.2.15.v20160210 Confidence: Low
maven: org.eclipse.jetty.websocket:javax-websocket-server-impl:9.2.15.v20160210 Confidence: Highest
Published Vulnerabilities
CVE-2017-7656
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-284 Improper Access Control
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
CVE-2017-7657
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-190 Integer Overflow or Wraparound
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.
CVE-2017-7658
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-19 Data Processing Errors
In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.
CVE-2017-9735
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
onos-core-dist-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-core-dist/1.13.1/onos-core-dist-1.13.1.jar
MD5: 3fd21200cb9531fabcba49cabc70d4b6
SHA1: 73731679c242852f1763125c23e81bcd68796d6b
SHA256: 263593273d2497a54eb722bdfb481771dfe60f941de5938c6065240d5c129889
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.onosproject | Medium
Vendor | pom | artifactid | onos-core-dist | Low
Vendor | pom | name | onos-core-dist | High
Vendor | Manifest | service-component | OSGI-INF/org.onosproject.store.topology.impl.DistributedTopologyStore.xml,OSGI-INF/org.onosproject.store.mastership.impl.ConsistentDeviceMastershipStore.xml,OSGI-INF/org.onosproject.store.statistic.impl.DistributedFlowStatisticStore.xml,OSGI-INF/org.onosproject.store.core.impl.LogicalClockManager.xml,OSGI-INF/org.onosproject.store.flow.impl.ReplicaInfoManager.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedDevicePipeconfMappingStore.xml,OSGI-INF/org.onosproject.store.core.impl.DistributedApplicationIdStore.xml,OSGI-INF/org.onosproject.store.key.impl.DistributedDeviceKeyStore.xml,OSGI-INF/org.onosproject.store.region.impl.DistributedRegionStore.xml,OSGI-INF/org.onosproject.store.resource.impl.ConsistentResourceStore.xml,OSGI-INF/org.onosproject.store.group.impl.DistributedGroupStore.xml,OSGI-INF/org.onosproject.store.cluster.messaging.impl.NettyMessagingManager.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedPiFlowRuleTranslationStore.xml,OSGI-INF/org.onosproject.store.core.impl.DistributedIdBlockStore.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedPiGroupTranslationStore.xml,OSGI-INF/org.onosproject.store.mcast.impl.DistributedMcastStore.xml,OSGI-INF/org.onosproject.store.flowobjective.impl.DistributedFlowObjectiveStore.xml,OSGI-INF/org.onosproject.store.intent.impl.GossipIntentStore.xml,OSGI-INF/org.onosproject.store.intent.impl.WorkPartitionManager.xml,OSGI-INF/org.onosproject.store.flow.impl.DistributedFlowRuleStore.xml,OSGI-INF/org.onosproject.store.flow.impl.ECFlowRuleStore.xml,OSGI-INF/org.onosproject.store.host.impl.DistributedHostStore.xml,OSGI-INF/org.onosproject.store.cfg.DistributedComponentConfigStore.xml,OSGI-INF/org.onosproject.store.config.impl.DistributedNetworkConfigStore.xml,OSGI-INF/org.onosproject.store.device.impl.GossipDeviceStore.xml,OSGI-INF/org.onosproject.store.cluster.messaging.impl.ClusterCommunicationManager.xml,OSGI-INF/org.onosproject.store.intent.impl.ConsistentIntentSetMultimap.xml,OSGI-INF/org.onosproject.store.device.impl.DeviceClockManager.xml,OSGI-INF/org.onosproject.store.cluster.impl.DistributedLeadershipStore.xml,OSGI-INF/org.onosproject.store.link.impl.ECLinkStore.xml,OSGI-INF/org.onosproject.store.cluster.impl.DistributedClusterStore.xml,OSGI-INF/org.onosproject.store.statistic.impl.DistributedStatisticStore.xml,OSGI-INF/org.onosproject.store.packet.impl.DistributedPacketStore.xml,OSGI-INF/org.onosproject.store.app.DistributedApplicationStore.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedPiMeterTranslationStore.xml | Low
Vendor | pom | groupid | onosproject | Highest
Vendor | pom | parent-artifactid | onos-base | Low
Vendor | pom | groupid | org.onosproject | Highest
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Vendor | file | name | onos-core-dist | High
Vendor | Manifest | bundle-symbolicname | org.onosproject.onos-core-dist | Medium
Product | pom | parent-artifactid | onos-base | Medium
Product | pom | name | onos-core-dist | High
Product | Manifest | service-component | OSGI-INF/org.onosproject.store.topology.impl.DistributedTopologyStore.xml,OSGI-INF/org.onosproject.store.mastership.impl.ConsistentDeviceMastershipStore.xml,OSGI-INF/org.onosproject.store.statistic.impl.DistributedFlowStatisticStore.xml,OSGI-INF/org.onosproject.store.core.impl.LogicalClockManager.xml,OSGI-INF/org.onosproject.store.flow.impl.ReplicaInfoManager.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedDevicePipeconfMappingStore.xml,OSGI-INF/org.onosproject.store.core.impl.DistributedApplicationIdStore.xml,OSGI-INF/org.onosproject.store.key.impl.DistributedDeviceKeyStore.xml,OSGI-INF/org.onosproject.store.region.impl.DistributedRegionStore.xml,OSGI-INF/org.onosproject.store.resource.impl.ConsistentResourceStore.xml,OSGI-INF/org.onosproject.store.group.impl.DistributedGroupStore.xml,OSGI-INF/org.onosproject.store.cluster.messaging.impl.NettyMessagingManager.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedPiFlowRuleTranslationStore.xml,OSGI-INF/org.onosproject.store.core.impl.DistributedIdBlockStore.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedPiGroupTranslationStore.xml,OSGI-INF/org.onosproject.store.mcast.impl.DistributedMcastStore.xml,OSGI-INF/org.onosproject.store.flowobjective.impl.DistributedFlowObjectiveStore.xml,OSGI-INF/org.onosproject.store.intent.impl.GossipIntentStore.xml,OSGI-INF/org.onosproject.store.intent.impl.WorkPartitionManager.xml,OSGI-INF/org.onosproject.store.flow.impl.DistributedFlowRuleStore.xml,OSGI-INF/org.onosproject.store.flow.impl.ECFlowRuleStore.xml,OSGI-INF/org.onosproject.store.host.impl.DistributedHostStore.xml,OSGI-INF/org.onosproject.store.cfg.DistributedComponentConfigStore.xml,OSGI-INF/org.onosproject.store.config.impl.DistributedNetworkConfigStore.xml,OSGI-INF/org.onosproject.store.device.impl.GossipDeviceStore.xml,OSGI-INF/org.onosproject.store.cluster.messaging.impl.ClusterCommunicationManager.xml,OSGI-INF/org.onosproject.store.intent.impl.ConsistentIntentSetMultimap.xml,OSGI-INF/org.onosproject.store.device.impl.DeviceClockManager.xml,OSGI-INF/org.onosproject.store.cluster.impl.DistributedLeadershipStore.xml,OSGI-INF/org.onosproject.store.link.impl.ECLinkStore.xml,OSGI-INF/org.onosproject.store.cluster.impl.DistributedClusterStore.xml,OSGI-INF/org.onosproject.store.statistic.impl.DistributedStatisticStore.xml,OSGI-INF/org.onosproject.store.packet.impl.DistributedPacketStore.xml,OSGI-INF/org.onosproject.store.app.DistributedApplicationStore.xml,OSGI-INF/org.onosproject.store.pi.impl.DistributedPiMeterTranslationStore.xml | Low
Product | Manifest | Bundle-Name | onos-core-dist | Medium
Product | pom | parent-groupid | org.onosproject | Low
Product | pom | artifactid | onos-core-dist | Highest
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | file | name | onos-core-dist | High
Product | Manifest | bundle-symbolicname | org.onosproject.onos-core-dist | Medium
Product | pom | groupid | onosproject | Low
Version | file | version | 1.13.1 | Highest
Version | pom | version | 1.13.1 | Highest
Related Dependencies
onos-incubator-store-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-incubator-store/1.13.1/onos-incubator-store-1.13.1.jar
MD5: 83c36fa6a129aaafce3ebce76c104d60
SHA1: bb627c5932f270f1115bedde06cbc0502351d442
SHA256: 78937f6b06d0f90b4a7141843b1bf1cde38e4c45371cd90d8a5fc3e7229cc6b9
cpe: cpe:/a:onosproject:onos:1.13.1
onos-incubator-api-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-incubator-api/1.13.1/onos-incubator-api-1.13.1.jar
MD5: b3707a539549f8555f61c9da13d965df
SHA1: bfb854ead0ae254da3b60c4188a3a02753254feb
SHA256: ee35257dc643ad505e0f5edab90431bb7f9d57e0a7f76d61cbaf4cd9bebaf526
cpe: cpe:/a:onosproject:onos:1.13.1
onos-core-serializers-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-core-serializers/1.13.1/onos-core-serializers-1.13.1.jar
MD5: 6e084e6af2aaceadd31048387db600c6
SHA1: 5d08ba2f84421d3131ce307e35c44fcda5b2aefd
SHA256: 6548b1b83a7fff82e6e7434f1a7e036e40480e082db18334ba155a9c4d68ffd4
cpe: cpe:/a:onosproject:onos:1.13.1
onos-core-common-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-core-common/1.13.1/onos-core-common-1.13.1.jar
MD5: a262d0333ad09f5bad36978d2b28d24b
SHA1: 20584b32a65ee79591be61a151bcaaacc29b4e0c
SHA256: 5216f8615454ff39dff8c0dd555dc1bd8edd461df3763d17160b22604ea3deb5
cpe: cpe:/a:onosproject:onos:1.13.1
onos-cli-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-cli/1.13.1/onos-cli-1.13.1.jar
MD5: 2d6d30da05f46244e611e162ba1ee463
SHA1: 6a82540a9eea364f3a9a3aca1d5a14348a16c551
SHA256: e8be6a6893086802892ce911191e2cd31a9b4caff4466202eb94f3183dc2c57c
cpe: cpe:/a:onosproject:onos:1.13.1
onos-incubator-net-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-incubator-net/1.13.1/onos-incubator-net-1.13.1.jar
MD5: 5c4ed8b153b5bffcb97768d13d7b470c
SHA1: d83d3fce547de92942d2cd66386dc301e8113b35
SHA256: d2e7a381c8a62c61fc94b4861e55a47de4b638195857634b16502f3f8183730d
cpe: cpe:/a:onosproject:onos:1.13.1
onos-api-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onos-api/1.13.1/onos-api-1.13.1.jar
MD5: d245317b1c2dc2309a64993e72f2d27e
SHA1: d3bc6d18bf75c6d73ac9c2d4f436f545de60d3b7
SHA256: a0038c1386dad15e1fec8d1e80e60f8a04613949bddd8ecd7ff2f819cbb362d5
cpe: cpe:/a:onosproject:onos:1.13.1
Published Vulnerabilities
CVE-2018-1000614
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
ONOS ONOS Controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication. This attack appears to be exploitable via crafted protocol message.
CVE-2018-1000615
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch. This attack appears to be exploitable via the attacker should be able to control or forge a switch in the network.
CVE-2018-1000616
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
ONOS ONOS controller version 1.13.1 and earlier contains an XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device. This attack appears to be exploitable via network connectivity.
asm-5.0.4.jar
File Path: /Users/Kevin/.m2/repository/org/ow2/asm/asm/5.0.4/asm-5.0.4.jar
MD5: c8a73cdfdf802ab0220c860d590d0f84
SHA1: 0da08b8cce7bbf903602a25a3a163ae252435795
SHA256: 896618ed8ae62702521a78bc7be42b7c491a08e6920a15f89a3ecdec31e9a220
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.ow2.asm | Highest
Vendor | pom | artifactid | asm | Low
Vendor | Manifest | bundle-symbolicname | org.objectweb.asm | Medium
Vendor | Manifest | bundle-docurl | http://asm.objectweb.org | Low
Vendor | file | name | asm | High
Vendor | pom | name | ASM Core | High
Vendor | pom | groupid | ow2.asm | Highest
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.3 | Low
Vendor | pom | parent-groupid | org.ow2.asm | Medium
Vendor | Manifest | Implementation-Vendor | France Telecom R&D | High
Vendor | pom | parent-artifactid | asm-parent | Low
Product | Manifest | Implementation-Title | ASM | High
Product | pom | groupid | ow2.asm | Low
Product | Manifest | bundle-symbolicname | org.objectweb.asm | Medium
Product | Manifest | bundle-docurl | http://asm.objectweb.org | Low
Product | pom | parent-groupid | org.ow2.asm | Low
Product | file | name | asm | High
Product | Manifest | Bundle-Name | ASM | Medium
Product | pom | name | ASM Core | High
Product | pom | parent-artifactid | asm-parent | Medium
Product | pom | artifactid | asm | Highest
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.3 | Low
Version | file | version | 5.0.4 | Highest
Version | pom | version | 5.0.4 | Highest
Version | Manifest | Implementation-Version | 5.0.4 | High
maven: org.ow2.asm:asm:5.0.4 Confidence: Highest
commons-collections-3.2.2.jar
Description: Types that extend and augment the Java Collections Framework.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256: eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://commons.apache.org/collections/ | Low
Vendor | pom | description | Types that extend and augment the Java Collections Framework. | Medium
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | Manifest | bundle-symbolicname | org.apache.commons.collections | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | implementation-build | tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 | Low
Vendor | pom | url | http://commons.apache.org/collections/ | Highest
Vendor | pom | groupid | commons-collections | Highest
Vendor | manifest | Bundle-Description | Types that extend and augment the Java Collections Framework. | Medium
Vendor | pom | name | Apache Commons Collections | High
Vendor | Manifest | implementation-url | http://commons.apache.org/collections/ | Low
Vendor | file | name | commons-collections | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" | Low
Vendor | pom | artifactid | commons-collections | Low
Product | Manifest | specification-title | Apache Commons Collections | Medium
Product | pom | url | http://commons.apache.org/collections/ | Medium
Product | Manifest | bundle-docurl | http://commons.apache.org/collections/ | Low
Product | pom | description | Types that extend and augment the Java Collections Framework. | Medium
Product | Manifest | bundle-symbolicname | org.apache.commons.collections | Medium
Product | Manifest | implementation-build | tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100 | Low
Product | Manifest | Bundle-Name | Apache Commons Collections | Medium
Product | pom | artifactid | commons-collections | Highest
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | manifest | Bundle-Description | Types that extend and augment the Java Collections Framework. | Medium
Product | pom | name | Apache Commons Collections | High
Product | Manifest | implementation-url | http://commons.apache.org/collections/ | Low
Product | file | name | commons-collections | High
Product | pom | groupid | commons-collections | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.3))" | Low
Product | Manifest | Implementation-Title | Apache Commons Collections | High
Version | pom | version | 3.2.2 | Highest
Version | file | version | 3.2.2 | Highest
Version | Manifest | Implementation-Version | 3.2.2 | High
cpe: cpe:/a:apache:commons_collections:3.2.2 Confidence: Low
maven: commons-collections:commons-collections:3.2.2 Confidence: Highest
commons-configuration-1.10.jar
Description: Tools to assist in the reading of configuration/preferences files in various formats.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-configuration/commons-configuration/1.10/commons-configuration-1.10.jar
MD5: b16511ce540fefd53981245f5f21c5f8
SHA1: 2b36e4adfb66d966c5aef2d73deb6be716389dc9
SHA256: 95d4e6711e88ce78992c82c25bc03c8df9ecf5a357f0de0bec72a26db3399374
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | implementation-build | tags/CONFIGURATION_1_10RC2@r1535308; 2013-10-24 01:20:22-0700 | Low
Vendor | pom | artifactid | commons-configuration | Low
Vendor | Manifest | bundle-docurl | http://commons.apache.org/configuration/ | Low
Vendor | manifest | Bundle-Description | Tools to assist in the reading of configuration/preferences files in various formats. | Medium
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | file | name | commons-configuration | High
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Apache Commons Configuration | High
Vendor | pom | groupid | commons-configuration | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.commons.configuration | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | description | Tools to assist in the reading of configuration/preferences files in various formats. | Medium
Vendor | pom | url | http://commons.apache.org/configuration/ | Highest
Product | Manifest | implementation-build | tags/CONFIGURATION_1_10RC2@r1535308; 2013-10-24 01:20:22-0700 | Low
Product | Manifest | bundle-docurl | http://commons.apache.org/configuration/ | Low
Product | Manifest | Bundle-Name | Apache Commons Configuration | Medium
Product | manifest | Bundle-Description | Tools to assist in the reading of configuration/preferences files in various formats. | Medium
Product | file | name | commons-configuration | High
Product | Manifest | Implementation-Title | Apache Commons Configuration | High
Product | pom | name | Apache Commons Configuration | High
Product | Manifest | specification-title | Apache Commons Configuration | Medium
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | Manifest | bundle-symbolicname | org.apache.commons.configuration | Medium
Product | pom | groupid | commons-configuration | Low
Product | pom | artifactid | commons-configuration | Highest
Product | pom | description | Tools to assist in the reading of configuration/preferences files in various formats. | Medium
Product | pom | url | http://commons.apache.org/configuration/ | Medium
Version | pom | version | 1.10 | Highest
Version | file | version | 1.10 | Highest
Version | Manifest | Implementation-Version | 1.10 | High
maven: commons-configuration:commons-configuration:1.10 Confidence: Highest
commons-lang3-3.6.jar
Description: Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.
License: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom artifactid commons-lang3 Low Vendor pom parent-artifactid commons-parent Low Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Apache Commons Lang High Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. 
Low Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor file name commons-lang3 High Vendor pom groupid org.apache.commons Highest Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product Manifest Implementation-Title Apache Commons Lang High Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product pom name Apache Commons Lang High Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product Manifest specification-title Apache Commons Lang Medium Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product manifest Bundle-Description Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang. Low Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom groupid apache.commons Low Product file name commons-lang3 High Product pom artifactid commons-lang3 Highest Version pom version 3.6 Highest Version file version 3.6 Highest Version Manifest Implementation-Version 3.6 High
maven: org.apache.commons:commons-lang3:3.6 Confidence: Highest

commons-logging-1.2.jar
Description: Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256: daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Vendor manifest Bundle-Description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Vendor pom groupid commons-logging Highest Vendor pom url http://commons.apache.org/proper/commons-logging/ Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor file name commons-logging High Vendor pom description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Vendor pom name Apache Commons Logging High Vendor Manifest bundle-symbolicname org.apache.commons.logging Medium Vendor pom artifactid commons-logging Low Vendor Manifest specification-vendor The Apache Software Foundation Low Product Manifest bundle-docurl http://commons.apache.org/proper/commons-logging/ Low Product manifest Bundle-Description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. 
Low Product pom url http://commons.apache.org/proper/commons-logging/ Medium Product Manifest specification-title Apache Commons Logging Medium Product Manifest Implementation-Title Apache Commons Logging High Product Manifest implementation-build tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200 Low Product pom artifactid commons-logging Highest Product pom groupid commons-logging Low Product file name commons-logging High Product Manifest Bundle-Name Apache Commons Logging Medium Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom description Apache Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. Low Product pom name Apache Commons Logging High Product Manifest bundle-symbolicname org.apache.commons.logging Medium Version pom version 1.2 Highest Version Manifest Implementation-Version 1.2 High Version file version 1.2 Highest
maven: commons-logging:commons-logging:1.2 Confidence: Highest

commons-math3-3.6.1.jar
Description: The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256: 1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.commons Highest Vendor pom url http://commons.apache.org/proper/commons-math/ Highest Vendor Manifest bundle-symbolicname org.apache.commons.math3 Medium Vendor pom parent-artifactid commons-parent Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor file name commons-math3 High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom description The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor pom name Apache Commons Math High Vendor manifest Bundle-Description The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. 
Low Vendor Manifest implementation-build 16abfe5de688cc52fb0396e0609cb33044b15653; 2016-03-17 13:30:43-0400 Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-url http://commons.apache.org/proper/commons-math/ Low Vendor pom artifactid commons-math3 Low Vendor pom groupid org.apache.commons Highest Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Product Manifest specification-title Apache Commons Math Medium Product Manifest bundle-symbolicname org.apache.commons.math3 Medium Product file name commons-math3 High Product pom description The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom name Apache Commons Math High Product manifest Bundle-Description The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang. 
Low Product Manifest implementation-build 16abfe5de688cc52fb0396e0609cb33044b15653; 2016-03-17 13:30:43-0400 Low Product pom artifactid commons-math3 Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-math/ Low Product Manifest Bundle-Name Apache Commons Math Medium Product pom groupid apache.commons Low Product Manifest Implementation-Title Apache Commons Math High Product Manifest bundle-docurl http://commons.apache.org/proper/commons-math/ Low Product pom url http://commons.apache.org/proper/commons-math/ Medium Version file version 3.6.1 Highest Version Manifest Implementation-Version 3.6.1 High Version pom version 3.6.1 Highest
maven: org.apache.commons:commons-math3:3.6.1 Confidence: Highest

commons-pool-1.6.jar
Description: Commons Object Pooling Library
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/commons-pool/commons-pool/1.6/commons-pool-1.6.jar
MD5: 5ca02245c829422176d23fa530e919cc
SHA1: 4572d589699f09d866a226a14b7f4323c6d8f040
SHA256: 46c42b4a38dc6b2db53a9ee5c92c63db103665d56694e2cfce2c95d51a6860cc
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid commons-parent Low Vendor Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor pom description Commons Object Pooling Library Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-pool Low Vendor pom url http://commons.apache.org/pool/ Highest Vendor pom name Commons Pool High Vendor Manifest bundle-symbolicname org.apache.commons.pool Medium Vendor Manifest bundle-docurl http://commons.apache.org/pool/ Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor manifest Bundle-Description Commons Object Pooling Library Medium Vendor file name commons-pool High Vendor pom groupid commons-pool Highest Product pom groupid commons-pool Low Product pom artifactid commons-pool Highest Product Manifest implementation-build UNKNOWN_BRANCH@r??????; 2012-01-04 10:31:47-0500 Low Product pom description Commons Object Pooling Library Medium Product Manifest Implementation-Title Commons Pool High Product Manifest specification-title Commons Pool Medium Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/pool/ Medium Product pom name Commons Pool High Product Manifest Bundle-Name Commons Pool Medium Product Manifest bundle-symbolicname org.apache.commons.pool Medium Product Manifest bundle-docurl http://commons.apache.org/pool/ Low Product manifest Bundle-Description Commons Object Pooling Library Medium Product file name commons-pool High Version Manifest Implementation-Version 1.6 High Version file version 1.6 Highest Version pom version 1.6 Highest
maven: commons-pool:commons-pool:1.6 Confidence: Highest

concurrent-trees-2.6.1.jar
Description: Concurrent Radix Trees and Concurrent Suffix Trees for Java.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/googlecode/concurrent-trees/concurrent-trees/2.6.1/concurrent-trees-2.6.1.jar
MD5: 61170474fb5c73f668d786b972c2040e
SHA1: 9b647240522ab67c003de9b6702ca81ac0c15efc
SHA256: 04e3724984e2a5cbf55606cfa372a5bd3d3c5d2a21533a7004e3cde539761fa5
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname concurrent-trees Medium Vendor pom groupid com.googlecode.concurrent-trees Highest Vendor file name concurrent-trees High Vendor pom groupid googlecode.concurrent-trees Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid concurrent-trees Low Vendor pom name Concurrent-Trees High Vendor pom description Concurrent Radix Trees and Concurrent Suffix Trees for Java. Medium Vendor pom url npgall/concurrent-trees Highest Product Manifest Bundle-Name Concurrent-Trees Medium Product pom artifactid concurrent-trees Highest Product Manifest bundle-symbolicname concurrent-trees Medium Product file name concurrent-trees High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom url npgall/concurrent-trees High Product pom name Concurrent-Trees High Product pom description Concurrent Radix Trees and Concurrent Suffix Trees for Java. Medium Product pom groupid googlecode.concurrent-trees Low Version file version 2.6.1 Highest Version pom version 2.6.1 Highest
maven: com.googlecode.concurrent-trees:concurrent-trees:2.6.1 Confidence: Highest

error_prone_annotations-2.0.18.jar
File Path: /Users/Kevin/.m2/repository/com/google/errorprone/error_prone_annotations/2.0.18/error_prone_annotations-2.0.18.jar
MD5: 98051758c08c9b7111b3268655069432
SHA1: 5f65affce1684999e2f4024983835efc3504012e
SHA256: cb4cfad870bf563a07199f3ebea5763f0dec440fcda0b318640b1feaa788656b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid com.google.errorprone Medium Vendor pom parent-artifactid error_prone_parent Low Vendor pom name error-prone annotations High Vendor pom artifactid error_prone_annotations Low Vendor jar package name annotations Low Vendor jar package name google Low Vendor jar package name errorprone Low Vendor pom groupid com.google.errorprone Highest Vendor file name error_prone_annotations High Vendor pom groupid google.errorprone Highest Product pom name error-prone annotations High Product jar package name annotations Low Product pom groupid google.errorprone Low Product pom artifactid error_prone_annotations Highest Product jar package name errorprone Low Product file name error_prone_annotations High Product pom parent-groupid com.google.errorprone Low Product pom parent-artifactid error_prone_parent Medium Version pom version 2.0.18 Highest Version file version 2.0.18 Highest
maven: com.google.errorprone:error_prone_annotations:2.0.18 Confidence: Highest

j2objc-annotations-1.1.jar
Description: A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar
MD5: 49ae3204bb0bb9b2ac77062641f4a6d7
SHA1: ed28ded51a8b1c6b112568def5f4b455e6809019
SHA256: 2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid com.google.j2objc Highest Vendor pom groupid google.j2objc Highest Vendor pom description A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. Low Vendor pom artifactid j2objc-annotations Low Vendor pom name J2ObjC Annotations High Vendor jar package name annotations Low Vendor pom url google/j2objc/ Highest Vendor jar package name google Low Vendor file name j2objc-annotations High Vendor jar package name j2objc Low Product pom artifactid j2objc-annotations Highest Product pom description A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation. Low Product pom groupid google.j2objc Low Product pom name J2ObjC Annotations High Product jar package name annotations Low Product pom url google/j2objc/ High Product file name j2objc-annotations High Product jar package name j2objc Low Version pom version 1.1 Highest Version file version 1.1 Highest
maven: com.google.j2objc:j2objc-annotations:1.1 Confidence: Highest

animal-sniffer-annotations-1.14.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/mojo/animal-sniffer-annotations/1.14/animal-sniffer-annotations-1.14.jar
MD5: 9d42e46845c874f1710a9f6a741f6c14
SHA1: 775b7e22fb10026eed3f86e8dc556dfafe35f2d5
SHA256: 2068320bd6bad744c3673ab048f67e30bef8f518996fa380033556600669905d
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.codehaus.mojo Medium Vendor jar package name animal_sniffer Low Vendor pom name Animal Sniffer Annotations High Vendor pom groupid codehaus.mojo Highest Vendor pom groupid org.codehaus.mojo Highest Vendor jar package name codehaus Low Vendor file name animal-sniffer-annotations High Vendor pom artifactid animal-sniffer-annotations Low Vendor pom parent-artifactid animal-sniffer-parent Low Vendor jar package name mojo Low Product pom artifactid animal-sniffer-annotations Highest Product jar package name animal_sniffer Low Product pom name Animal Sniffer Annotations High Product pom parent-groupid org.codehaus.mojo Low Product jar package name ignorejrerequirement Low Product file name animal-sniffer-annotations High Product pom parent-artifactid animal-sniffer-parent Medium Product pom groupid codehaus.mojo Low Product jar package name mojo Low Version pom version 1.14 Highest Version file version 1.14 Highest
maven: org.codehaus.mojo:animal-sniffer-annotations:1.14 Confidence: Highest

guava-22.0.jar
Description: Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/google/guava/guava/22.0/guava-22.0.jar
MD5: 5ba5b28f59ed2d96534ece0a72802db6
SHA1: 3564ef3803de51fb0530a8377ec6100b33b0d073
SHA256: 1158e94c7de4da480873f0b4ab4a1da14c0d23d4b1902cc94a58a6f0f9ab579e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid guava-parent Low Vendor pom groupid google.guava Highest Vendor pom parent-groupid com.google.guava Medium Vendor Manifest bundle-docurl https://github.com/google/guava/ Low Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low Vendor file name guava High Vendor pom name Guava: Google Core Libraries for Java High Vendor pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low Vendor pom groupid com.google.guava Highest Vendor pom artifactid guava Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid com.google.guava Low Product pom groupid google.guava Low Product pom artifactid guava Highest Product pom parent-artifactid guava-parent Medium Product Manifest bundle-docurl https://github.com/google/guava/ Low Product Manifest bundle-symbolicname com.google.guava Medium Product manifest Bundle-Description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. Low Product file name guava High Product pom name Guava: Google Core Libraries for Java High Product pom description Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec. 
Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Version file version 22.0 Highest Version pom version 22.0 Highest
Published Vulnerabilities

CVE-2018-10237
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

jackson-core-2.9.5.jar
Description: Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.9.5/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
SHA256: a2bebaa325ad25455b02149c67e6052367a7d7fc1ce77de000eed284a5214eac
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest automatic-module-name com.fasterxml.jackson.core Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest specification-vendor FasterXML Low Vendor Manifest implementation-build-date 2018-03-26 15:03:46+0000 Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom url FasterXML/jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom parent-artifactid jackson-base Low Vendor pom groupid fasterxml.jackson.core Highest Vendor pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Vendor file name jackson-core High Product Manifest automatic-module-name com.fasterxml.jackson.core Medium Product pom url FasterXML/jackson-core High Product pom groupid fasterxml.jackson.core Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest specification-title Jackson-core Medium Product Manifest implementation-build-date 2018-03-26 15:03:46+0000 Low Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product manifest Bundle-Description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Product Manifest Implementation-Title Jackson-core High Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product pom parent-artifactid jackson-base Medium Product pom 
name Jackson-core High Product Manifest Bundle-Name Jackson-core Medium Product pom parent-groupid com.fasterxml.jackson Low Product pom description Core Jackson processing abstractions (aka Streaming API), implementation for JSON Medium Product file name jackson-core High Product pom artifactid jackson-core Highest Version pom version 2.9.5 Highest Version Manifest Implementation-Version 2.9.5 High Version file version 2.9.5 Highest
cpe: cpe:/a:fasterxml:jackson:2.9.5 Confidence: Low
maven: com.fasterxml.jackson.core:jackson-core:2.9.5 Confidence: Highest

javax.ws.rs-api-2.1.jar
Description: Java API for RESTful Web Services (JAX-RS)
License:
CDDL 1.1: https://oss.oracle.com/licenses/CDDL+GPL-1.1
GPL2 w/ CPE: https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /Users/Kevin/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.1/javax.ws.rs-api-2.1.jar
MD5: 2f754caa430ca5a51a662d6aa821a152
SHA1: 426a0862406536e690c7caa8bb6ed32191986fac
SHA256: 1a4295889416c6972addcd425dfeeee6e6ede110e8b2dc8b49044e9b400ad5db
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name javax.ws.rs-api High Vendor pom artifactid javax.ws.rs-api Low Vendor pom url http://jax-rs-spec.java.net Highest Vendor Manifest automatic-module-name java.ws.rs Medium Vendor Manifest specification-vendor Oracle Corporation Low Vendor pom name javax.ws.rs-api High Vendor pom organization name Oracle Corporation High Vendor pom groupid javax.ws.rs Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor Manifest extension-name javax.ws.rs Medium Vendor pom organization url http://www.oracle.com/ Medium Vendor pom parent-artifactid jvnet-parent Low Vendor manifest Bundle-Description Java API for RESTful Web Services (JAX-RS) Medium Vendor pom parent-groupid net.java Medium Vendor Manifest bundle-symbolicname javax.ws.rs-api Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom parent-groupid net.java Low Product file name javax.ws.rs-api High Product Manifest Bundle-Name javax.ws.rs-api Medium Product pom artifactid javax.ws.rs-api Highest Product Manifest automatic-module-name java.ws.rs Medium Product pom organization url http://www.oracle.com/ Low Product pom name javax.ws.rs-api High Product Manifest bundle-docurl http://www.oracle.com/ Low Product pom groupid javax.ws.rs Low Product Manifest extension-name javax.ws.rs Medium Product pom parent-artifactid jvnet-parent Medium Product manifest Bundle-Description Java API for RESTful Web Services (JAX-RS) Medium Product pom url http://jax-rs-spec.java.net Medium Product pom organization name Oracle Corporation Low Product Manifest bundle-symbolicname javax.ws.rs-api Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Version pom version 2.1 Highest Version Manifest Implementation-Version 2.1 High Version file version 2.1 Highest
maven: javax.ws.rs:javax.ws.rs-api:2.1 Confidence: Highest
cpe: cpe:/a:ws_project:ws:2.1 Confidence: Low

osgi-resource-locator-1.0.1.jar
Description: See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information
License: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /Users/Kevin/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
MD5: 51e70ad8fc9d1e9fb19debeb55555b75
SHA1: 4ed2b2d4738aed5786cfa64cba5a332779c4c708
SHA256: 775003be577e8806f51b6e442be1033d83be2cb2207227b349be0bf16e6c0843
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor manifest Bundle-Description See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information Medium Vendor pom description See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information Medium Vendor Manifest bundle-docurl https://glassfish.dev.java.net Low Vendor Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Vendor pom groupid org.glassfish.hk2 Highest Vendor file name osgi-resource-locator High Vendor pom groupid glassfish.hk2 Highest Vendor pom parent-artifactid pom Low Vendor pom artifactid osgi-resource-locator Low Vendor pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Vendor pom parent-groupid org.glassfish Medium Product pom groupid glassfish.hk2 Low Product manifest Bundle-Description See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information Medium Product pom parent-artifactid pom Medium Product pom description See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information Medium Product Manifest bundle-docurl https://glassfish.dev.java.net Low Product Manifest Bundle-Name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. Medium Product pom artifactid osgi-resource-locator Highest Product Manifest bundle-symbolicname org.glassfish.hk2.osgi-resource-locator Medium Product file name osgi-resource-locator High Product pom name OSGi resource locator bundle - used by various API providers that rely on META-INF/services mechanism to locate providers. High Product pom parent-groupid org.glassfish Low Version file version 1.0.1 Highest Version pom version 1.0.1 Highest
maven: org.glassfish.hk2:osgi-resource-locator:1.0.1 Confidence: Highest

jersey-common-2.26.jar
Description: Jersey core common packages
License: https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /Users/Kevin/.m2/repository/org/glassfish/jersey/core/jersey-common/2.26/jersey-common-2.26.jar
MD5: 2f5dd10b3063c4a4011ff5d55accf107
SHA1: d96475745c5e72cafcbc4dc9e2e725f4d9683f21
SHA256: bc0e95153bef81c44439d25a662168226b9adee94db27c1198f9777e382b1b17
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name jersey-common High Vendor manifest Bundle-Description Jersey core common packages Medium Vendor pom parent-groupid org.glassfish.jersey Medium Vendor pom parent-artifactid project Low Vendor pom groupid glassfish.jersey.core Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor pom name jersey-core-common High Vendor pom description Jersey core common packages Medium Vendor pom groupid org.glassfish.jersey.core Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-common Medium Vendor pom artifactid jersey-common Low Product file name jersey-common High Product pom parent-groupid org.glassfish.jersey Low Product manifest Bundle-Description Jersey core common packages Medium Product pom artifactid jersey-common Highest Product pom parent-artifactid project Medium Product pom groupid glassfish.jersey.core Low Product Manifest Bundle-Name jersey-core-common Medium Product Manifest bundle-docurl http://www.oracle.com/ Low Product pom name jersey-core-common High Product pom description Jersey core common packages Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-common Medium Version pom version 2.26 Highest Version file version 2.26 Highest
maven: org.glassfish.jersey.core:jersey-common:2.26 Confidence: Highest

jersey-client-2.26.jar
Description: Jersey core client implementation
License: https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /Users/Kevin/.m2/repository/org/glassfish/jersey/core/jersey-client/2.26/jersey-client-2.26.jar
MD5: 4383747f111621f8f78ad34837169a23
SHA1: 125b8d1040d121a5dc4ce6858e21a6160bed7afa
SHA256: 3e44b7db8691eb0b2a6751eda888150b9ba1092a5805f11e4727fd4904407a41
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-groupid org.glassfish.jersey Medium Vendor pom parent-artifactid project Low Vendor pom artifactid jersey-client Low Vendor manifest Bundle-Description Jersey core client implementation Medium Vendor Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-client Medium Vendor pom groupid glassfish.jersey.core Highest Vendor Manifest bundle-docurl http://www.oracle.com/ Low Vendor file name jersey-client High Vendor pom groupid org.glassfish.jersey.core Highest Vendor pom name jersey-core-client High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom description Jersey core client implementation Medium Product pom parent-groupid org.glassfish.jersey Low Product pom parent-artifactid project Medium Product pom groupid glassfish.jersey.core Low Product manifest Bundle-Description Jersey core client implementation Medium Product Manifest bundle-symbolicname org.glassfish.jersey.core.jersey-client Medium Product pom artifactid jersey-client Highest Product Manifest bundle-docurl http://www.oracle.com/ Low Product file name jersey-client High Product pom name jersey-core-client High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom description Jersey core client implementation Medium Product Manifest Bundle-Name jersey-core-client Medium Version pom version 2.26 Highest Version file version 2.26 Highest
maven: org.glassfish.jersey.core:jersey-client:2.26 Confidence: Highest

jersey-media-jaxb-2.26.jar
Description: JAX-RS features based upon JAX-B.
License: https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /Users/Kevin/.m2/repository/org/glassfish/jersey/media/jersey-media-jaxb/2.26/jersey-media-jaxb-2.26.jar
MD5: 14426c1253795f56b48da8c9ffc42d8d
SHA1: 791397ceb5d1c8f389664b1de3e4208c2ac1015b
SHA256: b663ed76511f19c1c7312a1cca3e3c5e6e07973d9822d2539ab2a6fad57f99b4
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-symbolicname | org.glassfish.jersey.media.jersey-media-jaxb | Medium
Vendor | pom | artifactid | jersey-media-jaxb | Low
Vendor | pom | parent-artifactid | project | Low
Vendor | file | name | jersey-media-jaxb | High
Vendor | manifest | Bundle-Description | JAX-RS features based upon JAX-B. | Medium
Vendor | pom | parent-groupid | org.glassfish.jersey.media | Medium
Vendor | pom | groupid | glassfish.jersey.media | Highest
Vendor | pom | name | jersey-media-jaxb | High
Vendor | Manifest | bundle-docurl | http://www.oracle.com/ | Low
Vendor | pom | groupid | org.glassfish.jersey.media | Highest
Vendor | pom | description | JAX-RS features based upon JAX-B. | Medium
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | pom | parent-groupid | org.glassfish.jersey.media | Low
Product | Manifest | bundle-symbolicname | org.glassfish.jersey.media.jersey-media-jaxb | Medium
Product | pom | parent-artifactid | project | Medium
Product | file | name | jersey-media-jaxb | High
Product | Manifest | Bundle-Name | jersey-media-jaxb | Medium
Product | manifest | Bundle-Description | JAX-RS features based upon JAX-B. | Medium
Product | pom | artifactid | jersey-media-jaxb | Highest
Product | pom | name | jersey-media-jaxb | High
Product | Manifest | bundle-docurl | http://www.oracle.com/ | Low
Product | pom | groupid | glassfish.jersey.media | Low
Product | pom | description | JAX-RS features based upon JAX-B. | Medium
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Version | pom | version | 2.26 | Highest
Version | file | version | 2.26 | Highest
maven: org.glassfish.jersey.media:jersey-media-jaxb:2.26 Confidence: Highest

javax.inject-2.5.0-b42.jar
Description:
Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.html
File Path: /Users/Kevin/.m2/repository/org/glassfish/hk2/external/javax.inject/2.5.0-b42/javax.inject-2.5.0-b42.jar
MD5: 70c06ad58ec733717d01efe7aa06d0dc
SHA1: 98e0b7dcef77dc04809f0603868140a1c60bea71
SHA256: 3bcf096beb918c9586be829190903090a21ac40513c1401e1b986e6030addc98
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle | Medium
Vendor | Manifest | bundle-symbolicname | org.glassfish.hk2.external.javax.inject | Medium
Vendor | pom | description | Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle | Medium
Vendor | Manifest | bundle-docurl | http://www.oracle.com | Low
Vendor | pom | parent-groupid | org.glassfish.hk2 | Medium
Vendor | pom | groupid | glassfish.hk2.external | Highest
Vendor | pom | artifactid | javax.inject | Low
Vendor | pom | name | javax.inject:${javax-inject.version} as OSGi bundle | High
Vendor | pom | groupid | org.glassfish.hk2.external | Highest
Vendor | file | name | javax.inject | High
Vendor | pom | parent-artifactid | external | Low
Product | pom | artifactid | javax.inject | Highest
Product | manifest | Bundle-Description | Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle | Medium
Product | pom | groupid | glassfish.hk2.external | Low
Product | Manifest | bundle-symbolicname | org.glassfish.hk2.external.javax.inject | Medium
Product | pom | description | Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle | Medium
Product | pom | parent-groupid | org.glassfish.hk2 | Low
Product | Manifest | bundle-docurl | http://www.oracle.com | Low
Product | pom | name | javax.inject:${javax-inject.version} as OSGi bundle | High
Product | Manifest | Bundle-Name | javax.inject:1 as OSGi bundle | Medium
Product | file | name | javax.inject | High
Product | pom | parent-artifactid | external | Medium
Version | file | version | 2.5.0.b42 | Highest
Version | pom | version | 2.5.0-b42 | Highest
maven: org.glassfish.hk2.external:javax.inject:2.5.0-b42 Confidence: Highest

validation-api-1.1.0.Final.jar
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5
SHA256: f39d7ba7253e35f5ac48081ec1bc28c5df9b32ac4b7db20853e5a8e76bf7b0ed
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | url | http://beanvalidation.org | Highest
Vendor | pom | name | Bean Validation API | High
Vendor | pom | description | Bean Validation API | Medium
Vendor | pom | artifactid | validation-api | Low
Vendor | file | name | validation-api | High
Vendor | manifest | Bundle-Description | Bean Validation API | Medium
Vendor | pom | groupid | javax.validation | Highest
Vendor | Manifest | bundle-symbolicname | javax.validation.api | Medium
Product | pom | groupid | javax.validation | Low
Product | Manifest | Bundle-Name | Bean Validation API | Medium
Product | pom | artifactid | validation-api | Highest
Product | pom | name | Bean Validation API | High
Product | pom | description | Bean Validation API | Medium
Product | file | name | validation-api | High
Product | pom | url | http://beanvalidation.org | Medium
Product | manifest | Bundle-Description | Bean Validation API | Medium
Product | Manifest | bundle-symbolicname | javax.validation.api | Medium
Version | pom | version | 1.1.0.Final | Highest
Version | file | version | 1.1.0 | Highest
maven: javax.validation:validation-api:1.1.0.Final Confidence: Highest

jersey-server-2.26.jar
Description:
Jersey core server implementation
License:
https://oss.oracle.com/licenses/CDDL+GPL-1.1, https://oss.oracle.com/licenses/CDDL+GPL-1.1
File Path: /Users/Kevin/.m2/repository/org/glassfish/jersey/core/jersey-server/2.26/jersey-server-2.26.jar
MD5: 239161e246b3f54c77c461ee15d8065b
SHA1: aa8eff3d591641dadd7c9880bb73b59bf46d4c82
SHA256: d9f7a1e0d39267eb02c87046d205f2a90e38f2d2a3be885a619263f732a47935
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | Jersey core server implementation | Medium
Vendor | file | name | jersey-server | High
Vendor | Manifest | bundle-symbolicname | org.glassfish.jersey.core.jersey-server | Medium
Vendor | pom | parent-groupid | org.glassfish.jersey | Medium
Vendor | pom | parent-artifactid | project | Low
Vendor | pom | artifactid | jersey-server | Low
Vendor | manifest | Bundle-Description | Jersey core server implementation | Medium
Vendor | pom | groupid | glassfish.jersey.core | Highest
Vendor | Manifest | bundle-docurl | http://www.oracle.com/ | Low
Vendor | pom | name | jersey-core-server | High
Vendor | pom | groupid | org.glassfish.jersey.core | Highest
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | pom | description | Jersey core server implementation | Medium
Product | file | name | jersey-server | High
Product | Manifest | bundle-symbolicname | org.glassfish.jersey.core.jersey-server | Medium
Product | pom | parent-groupid | org.glassfish.jersey | Low
Product | pom | artifactid | jersey-server | Highest
Product | pom | parent-artifactid | project | Medium
Product | pom | groupid | glassfish.jersey.core | Low
Product | manifest | Bundle-Description | Jersey core server implementation | Medium
Product | Manifest | bundle-docurl | http://www.oracle.com/ | Low
Product | pom | name | jersey-core-server | High
Product | Manifest | Bundle-Name | jersey-core-server | Medium
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Version | pom | version | 2.26 | Highest
Version | file | version | 2.26 | Highest
maven: org.glassfish.jersey.core:jersey-server:2.26 Confidence: Highest

jsr305-3.0.1.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/google/code/findbugs/jsr305/3.0.1/jsr305-3.0.1.jar
MD5: c6532beb3f7cc54a8d73d25d5602b9e4
SHA1: f7be08ec23c21485b9b5a1cf1654c2ec8c58168d
SHA256: c885ce34249682bc0236b4a7d56efcc12048e6135a5baf7a9cde8ad8cda13fcd
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jsr305 | High
Vendor | manifest | Bundle-Description | JSR305 Annotations for Findbugs | Medium
Vendor | pom | description | JSR305 Annotations for Findbugs | Medium
Vendor | pom | groupid | google.code.findbugs | Highest
Vendor | pom | groupid | com.google.code.findbugs | Highest
Vendor | pom | url | http://findbugs.sourceforge.net/ | Highest
Vendor | Manifest | bundle-symbolicname | org.jsr-305 | Medium
Vendor | pom | artifactid | jsr305 | Low
Vendor | pom | name | FindBugs-jsr305 | High
Product | pom | artifactid | jsr305 | Highest
Product | Manifest | Bundle-Name | FindBugs-jsr305 | Medium
Product | file | name | jsr305 | High
Product | manifest | Bundle-Description | JSR305 Annotations for Findbugs | Medium
Product | pom | description | JSR305 Annotations for Findbugs | Medium
Product | Manifest | bundle-symbolicname | org.jsr-305 | Medium
Product | pom | url | http://findbugs.sourceforge.net/ | Medium
Product | pom | groupid | google.code.findbugs | Low
Product | pom | name | FindBugs-jsr305 | High
Version | file | version | 3.0.1 | Highest
Version | pom | version | 3.0.1 | Highest
maven: com.google.code.findbugs:jsr305:3.0.1 Confidence: Highest

kryo-4.0.1.jar
Description:
Fast, efficient Java serialization. This is the parent pom that assembles the main kryo and shaded kryo artifacts.
License:
3-Clause BSD License: https://opensource.org/licenses/BSD-3-Clause
File Path: /Users/Kevin/.m2/repository/com/esotericsoftware/kryo/4.0.1/kryo-4.0.1.jar
MD5: 654f6326f505c18d67e04c43c6ad6bef
SHA1: 5053899c213a6ce50a800d4902c5a9de49fe0098
SHA256: 05da64250f6e6488cd79a2609887fd3b9db46c37cdc6daaba88a178632bf48f9
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-symbolicname | com.esotericsoftware.kryo | Medium
Vendor | manifest | Bundle-Description | Fast, efficient Java serialization. This is the "main" kryo artifact, with a regular dependency on reflectasm. | Low
Vendor | file | name | kryo | High
Vendor | pom | name | Kryo Parent | High
Vendor | pom | url | EsotericSoftware/kryo | Highest
Vendor | pom | groupid | esotericsoftware | Highest
Vendor | pom | artifactid | kryo-parent | Low
Vendor | pom | description | Fast, efficient Java serialization. This is the parent pom that assembles the main kryo and shaded kryo artifacts. | Low
Vendor | pom | groupid | com.esotericsoftware | Highest
Product | pom | artifactid | kryo | Highest
Product | Manifest | bundle-symbolicname | com.esotericsoftware.kryo | Medium
Product | manifest | Bundle-Description | Fast, efficient Java serialization. This is the "main" kryo artifact, with a regular dependency on reflectasm. | Low
Product | pom | artifactid | kryo-parent | Highest
Product | file | name | kryo | High
Product | pom | groupid | esotericsoftware | Low
Product | pom | name | Kryo Parent | High
Product | pom | url | EsotericSoftware/kryo | High
Product | Manifest | Bundle-Name | Kryo | Medium
Product | pom | description | Fast, efficient Java serialization. This is the parent pom that assembles the main kryo and shaded kryo artifacts. | Low
Version | file | version | 4.0.1 | Highest
Version | pom | version | 4.0.1 | Highest
maven: com.esotericsoftware:kryo-parent:4.0.1 Confidence: High
maven: com.esotericsoftware:kryo:4.0.1 Confidence: Highest

metrics-core-3.2.2.jar
Description:
Metrics is a Java library which gives you unparalleled insight into what your code does in
production. Metrics provides a powerful toolkit of ways to measure the behavior of critical
components in your production environment.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/io/dropwizard/metrics/metrics-core/3.2.2/metrics-core-3.2.2.jar
MD5: da529999d5083e800829eaab432a8a54
SHA1: cd9886f498ee2ab2d994f0c779e5553b2c450416
SHA256: 5c6f685e41664d10c70c65837cba9e58d39ff3896811e3b5707a934b11c85ad0
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | io.dropwizard.metrics | Highest
Vendor | Manifest | Implementation-Vendor-Id | io.dropwizard.metrics | Medium
Vendor | pom | name | Metrics Core | High
Vendor | Manifest | bundle-symbolicname | io.dropwizard.metrics.core | Medium
Vendor | pom | parent-artifactid | metrics-parent | Low
Vendor | pom | description | Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. | Low
Vendor | file | name | metrics-core | High
Vendor | pom | artifactid | metrics-core | Low
Vendor | manifest | Bundle-Description | Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. | Low
Product | pom | parent-artifactid | metrics-parent | Medium
Product | pom | name | Metrics Core | High
Product | pom | artifactid | metrics-core | Highest
Product | Manifest | bundle-symbolicname | io.dropwizard.metrics.core | Medium
Product | Manifest | Bundle-Name | Metrics Core | Medium
Product | pom | description | Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. | Low
Product | pom | groupid | io.dropwizard.metrics | Low
Product | Manifest | Implementation-Title | Metrics Core | High
Product | file | name | metrics-core | High
Product | manifest | Bundle-Description | Metrics is a Java library which gives you unparalleled insight into what your code does in production. Metrics provides a powerful toolkit of ways to measure the behavior of critical components in your production environment. | Low
Version | pom | version | 3.2.2 | Highest
Version | file | version | 3.2.2 | Highest
Version | Manifest | Implementation-Version | 3.2.2 | High
maven: io.dropwizard.metrics:metrics-core:3.2.2 Confidence: Highest

metrics-json-3.2.2.jar
Description:
A set of Jackson modules which provide serializers for most Metrics classes.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/io/dropwizard/metrics/metrics-json/3.2.2/metrics-json-3.2.2.jar
MD5: ca842c88e0ef8bac7e674c145108fc0c
SHA1: 234612b9739a651eb2b71a8f9e9c4d11d7ccf849
SHA256: 38f50ac1f211518279031919bbcc0e02f6d6659d02dcd6f4e47e90b16851c821
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | io.dropwizard.metrics | Highest
Vendor | Manifest | Implementation-Vendor-Id | io.dropwizard.metrics | Medium
Vendor | pom | name | Jackson Integration for Metrics | High
Vendor | Manifest | bundle-symbolicname | io.dropwizard.metrics.json | Medium
Vendor | pom | artifactid | metrics-json | Low
Vendor | pom | parent-artifactid | metrics-parent | Low
Vendor | manifest | Bundle-Description | A set of Jackson modules which provide serializers for most Metrics classes. | Medium
Vendor | pom | description | A set of Jackson modules which provide serializers for most Metrics classes. | Medium
Vendor | file | name | metrics-json | High
Product | pom | name | Jackson Integration for Metrics | High
Product | Manifest | bundle-symbolicname | io.dropwizard.metrics.json | Medium
Product | pom | parent-artifactid | metrics-parent | Medium
Product | pom | groupid | io.dropwizard.metrics | Low
Product | manifest | Bundle-Description | A set of Jackson modules which provide serializers for most Metrics classes. | Medium
Product | Manifest | Implementation-Title | Jackson Integration for Metrics | High
Product | pom | artifactid | metrics-json | Highest
Product | pom | description | A set of Jackson modules which provide serializers for most Metrics classes. | Medium
Product | Manifest | Bundle-Name | Jackson Integration for Metrics | Medium
Product | file | name | metrics-json | High
Version | pom | version | 3.2.2 | Highest
Version | file | version | 3.2.2 | Highest
Version | Manifest | Implementation-Version | 3.2.2 | High
maven: io.dropwizard.metrics:metrics-json:3.2.2 Confidence: Highest

minlog-1.3.0.jar
Description:
Minimal overhead Java logging
License:
New BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Users/Kevin/.m2/repository/com/esotericsoftware/minlog/1.3.0/minlog-1.3.0.jar
MD5: 5ab0ee168b90e0ad7010b159e603d304
SHA1: ff07b5f1b01d2f92bb00a337f9a94873712f0827
SHA256: f7b399d3a5478a4f3e0d98bd1c9f47766119c66414bc33aa0f6cde0066f24cc2
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | minlog | High
Vendor | Manifest | bundle-symbolicname | com.esotericsoftware.minlog | Medium
Vendor | Manifest | Implementation-Vendor-Id | com.esotericsoftware | Medium
Vendor | pom | url | EsotericSoftware/minlog | Highest
Vendor | pom | name | MinLog | High
Vendor | pom | groupid | esotericsoftware | Highest
Vendor | manifest | Bundle-Description | Minimal overhead Java logging | Medium
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low
Vendor | pom | description | Minimal overhead Java logging | Medium
Vendor | pom | groupid | com.esotericsoftware | Highest
Vendor | pom | artifactid | minlog | Low
Product | file | name | minlog | High
Product | pom | artifactid | minlog | Highest
Product | pom | groupid | esotericsoftware | Low
Product | pom | name | MinLog | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low
Product | pom | description | Minimal overhead Java logging | Medium
Product | Manifest | Bundle-Name | MinLog | Medium
Product | Manifest | Implementation-Title | MinLog | High
Product | Manifest | bundle-symbolicname | com.esotericsoftware.minlog | Medium
Product | Manifest | specification-title | MinLog | Medium
Product | pom | url | EsotericSoftware/minlog | High
Product | manifest | Bundle-Description | Minimal overhead Java logging | Medium
Version | file | version | 1.3.0 | Highest
Version | Manifest | Implementation-Version | 1.3.0 | High
Version | pom | version | 1.3.0 | Highest
maven: com.esotericsoftware:minlog:1.3.0 Confidence: Highest

netty-3.10.5.Final.jar
Description:
The Netty project is an effort to provide an asynchronous event-driven
network application framework and tools for rapid development of
maintainable high performance and high scalability protocol servers and
clients. In other words, Netty is a NIO client server framework which
enables quick and easy development of network applications such as protocol
servers and clients. It greatly simplifies and streamlines network
programming such as TCP and UDP socket server.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/Kevin/.m2/repository/io/netty/netty/3.10.5.Final/netty-3.10.5.Final.jar
MD5: 14466fef5f114f444c688f7977e9dbce
SHA1: 9ca7d55d246092bddd29b867706e2f6c7db701a0
SHA256: eb031acf8a00733481bcd60807925ecfc9ce3840f13823d4b96cdcb1132db1da
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications ... | Low
Vendor | pom | name | Netty | High
Vendor | pom | artifactid | netty | Low
Vendor | Manifest | bundle-docurl | http://netty.io/ | Low
Vendor | pom | groupid | io.netty | Highest
Vendor | file | name | netty | High
Vendor | pom | organization url | http://netty.io/ | Medium
Vendor | Manifest | bundle-symbolicname | org.jboss.netty | Medium
Vendor | pom | description | The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications ... | Low
Vendor | pom | organization name | The Netty Project | High
Vendor | pom | url | http://netty.io/ | Highest
Product | pom | organization url | http://netty.io/ | Low
Product | manifest | Bundle-Description | The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications ... | Low
Product | Manifest | Bundle-Name | Netty | Medium
Product | file | name | netty | High
Product | pom | artifactid | netty | Highest
Product | pom | organization name | The Netty Project | Low
Product | pom | groupid | io.netty | Low
Product | pom | name | Netty | High
Product | pom | url | http://netty.io/ | Medium
Product | Manifest | bundle-docurl | http://netty.io/ | Low
Product | Manifest | bundle-symbolicname | org.jboss.netty | Medium
Product | pom | description | The Netty project is an effort to provide an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which enables quick and easy development of network applications ... | Low
Version | pom | version | 3.10.5.Final | Highest
Version | file | version | 3.10.5 | Highest
maven: io.netty:netty:3.10.5.Final Confidence: Highest
cpe: cpe:/a:netty_project:netty:3.10.5 Confidence: Low

netty-transport-4.1.8.Final.jar
Description:
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
License:
http://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/Kevin/.m2/repository/io/netty/netty-transport/4.1.8.Final/netty-transport-4.1.8.Final.jar
MD5: 3d75a3e599aa9739e10a7aa191c3b00c
SHA1: 905b5dadce881c9824b3039c0df36dabbb7b6a07
SHA256: 6581c964501166daeb62792edf2a1f1ad63e348dd02b9ab228efd8ed3cce2d4a
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | netty-transport | Low
Vendor | pom | name | Netty/Transport | High
Vendor | file | name | netty-transport | High
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | pom | groupid | io.netty | Highest
Vendor | Manifest | implementation-url | http://netty.io/netty-transport/ | Low
Vendor | Manifest | Implementation-Vendor-Id | io.netty | Medium
Vendor | pom | parent-artifactid | netty-parent | Low
Vendor | Manifest | bundle-symbolicname | io.netty.transport | Medium
Vendor | manifest | Bundle-Description | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. | Low
Vendor | Manifest | bundle-docurl | http://netty.io/ | Low
Vendor | Manifest | Implementation-Vendor | The Netty Project | High
Product | pom | name | Netty/Transport | High
Product | file | name | netty-transport | High
Product | pom | parent-artifactid | netty-parent | Medium
Product | Manifest | Implementation-Title | Netty/Transport | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | pom | artifactid | netty-transport | Highest
Product | Manifest | implementation-url | http://netty.io/netty-transport/ | Low
Product | Manifest | bundle-symbolicname | io.netty.transport | Medium
Product | manifest | Bundle-Description | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients. | Low
Product | pom | groupid | io.netty | Low
Product | Manifest | bundle-docurl | http://netty.io/ | Low
Product | Manifest | Bundle-Name | Netty/Transport | Medium
Version | Manifest | Implementation-Version | 4.1.8.Final | High
Version | pom | version | 4.1.8.Final | Highest
Version | file | version | 4.1.8 | Highest
Related Dependencies
netty-transport-native-epoll-4.1.8.Final.jar
File Path: /Users/Kevin/.m2/repository/io/netty/netty-transport-native-epoll/4.1.8.Final/netty-transport-native-epoll-4.1.8.Final.jar
MD5: cfc17b249d081eb01982b14c61232f84
SHA1: de9052874d9ff9b411bfc465869f620cab643d8d
SHA256: 4be1a82fc0f95a79291fa6b98a15981260ad761f9a4395e5193b4535f6427dba
netty-common-4.1.8.Final.jar
File Path: /Users/Kevin/.m2/repository/io/netty/netty-common/4.1.8.Final/netty-common-4.1.8.Final.jar
MD5: 95a7ce5bcbc6b08e9247065299734296
SHA1: ee62c80318413d2375d145e51e48d7d35c901324
SHA256: 1c063fb2acaeeea08ca7affd4400f5b28dec0fcf42a7d3f44155877303e64964
netty-codec-4.1.8.Final.jar
File Path: /Users/Kevin/.m2/repository/io/netty/netty-codec/4.1.8.Final/netty-codec-4.1.8.Final.jar
MD5: 3a0e43278301f9f9f5a12ce32aa554ff
SHA1: 1bd0a2d032e5c7fc3f42c1b483d0f4c57eb516a3
SHA256: 16090c8da8fd2f59e4cae78bb66d2ef691329407edb877bff3a4d2a628e5b139
netty-buffer-4.1.8.Final.jar
File Path: /Users/Kevin/.m2/repository/io/netty/netty-buffer/4.1.8.Final/netty-buffer-4.1.8.Final.jar
MD5: 8b09f2f0814cbb41b5967d74631e55ac
SHA1: 43292c2622e340a0d07178c341ca3bdf3d662034
SHA256: 2e71cab827b71f726f6c4c02178fccef0e9e3d8968ec40841ed94d1d8b802b6a
netty-handler-4.1.8.Final.jar
File Path: /Users/Kevin/.m2/repository/io/netty/netty-handler/4.1.8.Final/netty-handler-4.1.8.Final.jar
MD5: 8198bb47e0d395c130f4298f58e4013b
SHA1: db01139bfb11afd009a695eef55b43bbf22c4ef5
SHA256: 580312c6cbc8697aa29a8b3e7bf53b39556f7f32e1990edd60fe807cd8330983
netty-resolver-4.1.8.Final.jar
File Path: /Users/Kevin/.m2/repository/io/netty/netty-resolver/4.1.8.Final/netty-resolver-4.1.8.Final.jar
MD5: 64110bc2c72bc51660451e43287f6c88
SHA1: 2e116cdd5edc01b2305072b1dbbd17c0595dbfef
SHA256: 5081e0487d601cdedb4ac79ceafb3b35f82b543cf0db752934b0b59bd33c01b9
maven: io.netty:netty-transport:4.1.8.Final Confidence: Highest
cpe: cpe:/a:netty_project:netty:4.1.8 Confidence: Low

objenesis-2.6.jar
Description:
A library for instantiating Java objects
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/objenesis/objenesis/2.6/objenesis-2.6.jar
MD5: 5ffac3f51405ca9b2915970a224b3e8f
SHA1: 639033469776fd37c08358c6b92a4761feb2af4b
SHA256: 5e168368fbc250af3c79aa5fef0c3467a2d64e5a7bd74005f25d8399aeb0708d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | objenesis | High
Vendor | Manifest | implementation-url | http://objenesis.org | Low
Vendor | pom | artifactid | objenesis | Low
Vendor | pom | groupid | org.objenesis | Highest
Vendor | pom | parent-groupid | org.objenesis | Medium
Vendor | pom | name | Objenesis | High
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | pom | url | http://objenesis.org | Highest
Vendor | manifest | Bundle-Description | A library for instantiating Java objects | Medium
Vendor | Manifest | bundle-symbolicname | org.objenesis | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.objenesis | Medium
Vendor | pom | groupid | objenesis | Highest
Vendor | Manifest | Implementation-Vendor | Joe Walnes, Henri Tremblay, Leonardo Mesquita | High
Vendor | Manifest | specification-vendor | Joe Walnes, Henri Tremblay, Leonardo Mesquita | Low
Vendor | pom | description | A library for instantiating Java objects | Medium
Vendor | pom | parent-artifactid | objenesis-parent | Low
Product | file | name | objenesis | High
Product | Manifest | Bundle-Name | Objenesis | Medium
Product | Manifest | implementation-url | http://objenesis.org | Low
Product | pom | artifactid | objenesis | Highest
Product | pom | name | Objenesis | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | pom | groupid | objenesis | Low
Product | pom | url | http://objenesis.org | Medium
Product | manifest | Bundle-Description | A library for instantiating Java objects | Medium
Product | Manifest | bundle-symbolicname | org.objenesis | Medium
Product | Manifest | specification-title | Objenesis | Medium
Product | pom | parent-groupid | org.objenesis | Low
Product | Manifest | Implementation-Title | Objenesis | High
Product | pom | description | A library for instantiating Java objects | Medium
Product | pom | parent-artifactid | objenesis-parent | Medium
Version | pom | version | 2.6 | Highest
Version | Manifest | Implementation-Version | 2.6 | High
Version | file | version | 2.6 | Highest
maven: org.objenesis:objenesis:2.6 Confidence: Highest

org.apache.felix.scr-1.8.2.jar
Description:
Implementation of the Declarative Services specification 1.2
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/felix/org.apache.felix.scr/1.8.2/org.apache.felix.scr-1.8.2.jar
MD5: ce9db4e6958cbd7e555cec48fdcd35fc
SHA1: c3047d56ee57de0752821fd9c3894dda664f2e37
SHA256: 19d395d8800d5546397211edc209e2e42d0ee500c93aca9d04ce69e4288f41d9
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Apache Felix Declarative Services | High
Vendor | file | name | org.apache.felix.scr | High
Vendor | Manifest | bundle-symbolicname | org.apache.felix.scr | Medium
Vendor | pom | groupid | apache.felix | Highest
Vendor | pom | artifactid | apache.felix.scr | Low
Vendor | manifest | Bundle-Description | Implementation of the Declarative Services specification 1.2 | Medium
Vendor | pom | groupid | org.apache.felix | Highest
Vendor | Manifest | bundle-docurl | http://felix.apache.org/site/apache-felix-service-component-runtime.html | Low
Vendor | pom | parent-artifactid | felix-parent | Low
Vendor | pom | parent-groupid | org.apache.felix | Medium
Vendor | pom | description | Implementation of the Declarative Services specification 1.2 | Medium
Product | pom | parent-artifactid | felix-parent | Medium
Product | manifest | Bundle-Description | Implementation of the Declarative Services specification 1.2 | Medium
Product | Manifest | Bundle-Name | Apache Felix Declarative Services | Medium
Product | pom | description | Implementation of the Declarative Services specification 1.2 | Medium
Product | pom | name | Apache Felix Declarative Services | High
Product | file | name | org.apache.felix.scr | High
Product | Manifest | bundle-symbolicname | org.apache.felix.scr | Medium
Product | pom | artifactid | apache.felix.scr | Highest
Product | pom | artifactid | org.apache.felix.scr | Highest
Product | pom | groupid | apache.felix | Low
Product | Manifest | bundle-docurl | http://felix.apache.org/site/apache-felix-service-component-runtime.html | Low
Product | pom | parent-groupid | org.apache.felix | Low
Version | file | version | 1.8.2 | Highest
Version | pom | version | 1.8.2 | Highest
maven: org.apache.felix:org.apache.felix.scr:1.8.2 Confidence: Highest

org.apache.felix.scr.annotations-1.9.12.jar
Description:
Annotations for generating OSGi service descriptors.
File Path: /Users/Kevin/.m2/repository/org/apache/felix/org.apache.felix.scr.annotations/1.9.12/org.apache.felix.scr.annotations-1.9.12.jar
MD5: e229f035b91f99b188304c7d493125d9
SHA1: 5fdc34da641dda8b9165c2be93211479a186da9c
SHA256: c1d6895b5f45351dfbc4290698aeab00ad013339067abfbe73c047b795e72c47
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | Annotations for generating OSGi service descriptors. | Medium
Vendor | pom | groupid | apache.felix | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | groupid | org.apache.felix | Highest
Vendor | Manifest | Implementation-Vendor-Id | org.apache.felix | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | parent-artifactid | felix-parent | Low
Vendor | pom | name | Annotations for SCR | High
Vendor | file | name | org.apache.felix.scr.annotations | High
Vendor | pom | parent-groupid | org.apache.felix | Medium
Vendor | pom | artifactid | apache.felix.scr.annotations | Low
Product | pom | description | Annotations for generating OSGi service descriptors. | Medium
Product | pom | parent-artifactid | felix-parent | Medium
Product | Manifest | Implementation-Title | Annotations for SCR | High
Product | pom | artifactid | apache.felix.scr.annotations | Highest
Product | pom | groupid | apache.felix | Low
Product | Manifest | specification-title | Annotations for SCR | Medium
Product | pom | name | Annotations for SCR | High
Product | file | name | org.apache.felix.scr.annotations | High
Product | pom | parent-groupid | org.apache.felix | Low
Product | pom | artifactid | org.apache.felix.scr.annotations | Highest
Version | file | version | 1.9.12 | Highest
Version | Manifest | Implementation-Version | 1.9.12 | High
Version | pom | version | 1.9.12 | Highest
maven: org.apache.felix:org.apache.felix.scr.annotations:1.9.12 Confidence: Highest

jansi-1.11.jar
Description:
Jansi is a java library for generating and interpreting ANSI escape sequences.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar
MD5: e8bd19df14afe8a0f4e2a44d57c0cd8b
SHA1: 655c643309c2f45a56a747fda70e3fadf57e9f11
SHA256: 9e82163ed2fc6257fe627132ce554726e796edee4e5efe9d9e523aee217d60b8
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.fusesource.jansi | Highest
Vendor | Manifest | Implementation-Vendor-Id | org.fusesource.jansi | Medium
Vendor | Manifest | bundle-symbolicname | org.fusesource.jansi | Medium
Vendor | jar | package name | fusesource | Low
Vendor | manifest | Bundle-Description | Jansi is a java library for generating and interpreting ANSI escape sequences. | Medium
Vendor | Manifest | Implementation-Vendor | FuseSource, Corp. | High
Vendor | jar | package name | jansi | Low
Vendor | Manifest | bundle-docurl | http://fusesource.com/ | Low
Vendor | file | name | jansi | High
Product | Manifest | bundle-symbolicname | org.fusesource.jansi | Medium
Product | manifest | Bundle-Description | Jansi is a java library for generating and interpreting ANSI escape sequences. | Medium
Product | Manifest | Bundle-Name | jansi | Medium
Product | jar | package name | jansi | Low
Product | Manifest | specification-title | jansi | Medium
Product | Manifest | bundle-docurl | http://fusesource.com/ | Low
Product | file | name | jansi | High
Product | Manifest | Implementation-Title | jansi | High
Product | pom | artifactid | jansi | Highest
Version | file | version | 1.11 | Highest
Version | pom | version | 1.11 | Highest
Version | Manifest | Implementation-Version | 1.11 | High
maven: org.fusesource.jansi:jansi:1.11 Confidence: Highest

jline-2.13.jar
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Users/Kevin/.m2/repository/jline/jline/2.13/jline-2.13.jar
MD5: f251ba666cccb260ff7215b2cbeee8d4
SHA1: 2d9530d0a25daffaffda7c35037b046b627bb171
SHA256: a6d2c9c0ddff7702662073b69c6dc4ec83011d22e4eb2dada28aa2d66ee47f97
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest originally-created-by Apache Maven Bundle Plugin Low Vendor pom name JLine High Vendor pom artifactid jline Low Vendor pom groupid jline Highest Vendor file name jline High Vendor Manifest bundle-symbolicname jline Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product Manifest originally-created-by Apache Maven Bundle Plugin Low Product pom artifactid jline Highest Product Manifest Bundle-Name JLine Medium Product pom name JLine High Product file name jline High Product pom groupid jline Low Product Manifest bundle-symbolicname jline Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Version file version 2.13 Highest Version pom version 2.13 Highest
maven: jline:jline:2.13 Confidence: Highest

org.apache.felix.fileinstall-3.5.2.jar
Description: A utility to automatically install bundles from a directory.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/felix/org.apache.felix.fileinstall/3.5.2/org.apache.felix.fileinstall-3.5.2.jar
MD5: 0d776d72e918612e16004bab2d22eea2
SHA1: 69e816d6d24a1c5807924ba572c62c26e5e64102
SHA256: ac9074e2d92327384d06b5fabaf1c2e81f0f116a7b237b93f3170bb20b24518d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | A utility to automatically install bundles from a directory. | Medium
Vendor | pom | groupid | org.apache.felix | Highest
Vendor | pom | name | Apache Felix File Install | High
Vendor | pom | url | http://felix.apache.org/site/apache-felix-file-install.html | Highest
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | parent-artifactid | felix-parent | Low
Vendor | file | name | org.apache.felix.fileinstall | High
Vendor | pom | groupid | apache.felix | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | description | A utility to automatically install bundles from a directory. | Medium
Vendor | Manifest | bundle-symbolicname | org.apache.felix.fileinstall | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.apache.felix | Medium
Vendor | pom | parent-groupid | org.apache.felix | Medium
Vendor | pom | artifactid | apache.felix.fileinstall | Low
Vendor | Manifest | bundle-docurl | http://felix.apache.org/site/apache-felix-file-install.html | Low
Product | pom | parent-artifactid | felix-parent | Medium
Product | pom | artifactid | apache.felix.fileinstall | Highest
Product | manifest | Bundle-Description | A utility to automatically install bundles from a directory. | Medium
Product | pom | name | Apache Felix File Install | High
Product | Manifest | specification-title | Apache Felix File Install | Medium
Product | file | name | org.apache.felix.fileinstall | High
Product | Manifest | Implementation-Title | Apache Felix File Install | High
Product | pom | artifactid | org.apache.felix.fileinstall | Highest
Product | Manifest | Bundle-Name | Apache Felix File Install | Medium
Product | pom | description | A utility to automatically install bundles from a directory. | Medium
Product | Manifest | bundle-symbolicname | org.apache.felix.fileinstall | Medium
Product | pom | groupid | apache.felix | Low
Product | pom | url | http://felix.apache.org/site/apache-felix-file-install.html | Medium
Product | pom | parent-groupid | org.apache.felix | Low
Product | Manifest | bundle-docurl | http://felix.apache.org/site/apache-felix-file-install.html | Low
Version | file | version | 3.5.2 | Highest
Version | Manifest | Implementation-Version | 3.5.2 | High
Version | pom | version | 3.5.2 | Highest
maven: org.apache.felix:org.apache.felix.fileinstall:3.5.2 Confidence: Highest

sshd-core-0.14.0.jar
Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.
License: http://www.apache.org/licenses/LICENSE-2.0
File Path: /Users/Kevin/.m2/repository/org/apache/sshd/sshd-core/0.14.0/sshd-core-0.14.0.jar
MD5: 8bcae42c76576a8cfc39db56d7418e37
SHA1: cb12fa1b1b07fb5ce3aa4f99b189743897bd4fca
SHA256: cbbc0ea7ce78572770185acbaa684af809025e2e32c948de57e0d3fb936d7b55
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.sshd | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.sshd.core | Medium
Vendor | pom | parent-groupid | org.apache.sshd | Medium
Vendor | pom | artifactid | sshd-core | Low
Vendor | pom | groupid | apache.sshd | Highest
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | manifest | Bundle-Description | The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low
Vendor | pom | parent-artifactid | sshd | Low
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.sshd | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | name | Apache Mina SSHD :: Core | High
Vendor | file | name | sshd-core | High
Product | Manifest | bundle-symbolicname | org.apache.sshd.core | Medium
Product | Manifest | Bundle-Name | Apache Mina SSHD :: Core | Medium
Product | Manifest | specification-title | Apache Mina SSHD :: Core | Medium
Product | pom | parent-groupid | org.apache.sshd | Low
Product | manifest | Bundle-Description | The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users. | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low
Product | pom | groupid | apache.sshd | Low
Product | pom | parent-artifactid | sshd | Medium
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | Manifest | Implementation-Title | Apache Mina SSHD :: Core | High
Product | pom | name | Apache Mina SSHD :: Core | High
Product | file | name | sshd-core | High
Product | pom | artifactid | sshd-core | Highest
Version | Manifest | Implementation-Version | 0.14.0 | High
Version | file | version | 0.14.0 | Highest
Version | pom | version | 0.14.0 | Highest
maven: org.apache.sshd:sshd-core:0.14.0 Confidence: Highest

org.apache.karaf.system.core-3.0.8.jar
Description: This bundle provides services to manipulate the Karaf container itself (system).
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/karaf/system/org.apache.karaf.system.core/3.0.8/org.apache.karaf.system.core-3.0.8.jar
MD5: 00dd26737f49950467381b32473e7ebf
SHA1: 80378de4aeae603889d3408489ff5b9918e6064c
SHA256: 3e1397c8b09a90ddb591e0815371ffd962d244747c3ddd2dc475f312610cc21b
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-blueprint | OSGI-INF/blueprint/system-core.xml | Low
Vendor | manifest | Bundle-Description | This bundle provides services to manipulate the Karaf container itself (system). | Medium
Vendor | pom | parent-artifactid | system | Low
Vendor | pom | groupid | apache.karaf.system | Highest
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | Manifest | import-service | org.apache.aries.blueprint.NamespaceHandler;filter=(osgi.service.blueprint.namespace=http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0) | Low
Vendor | pom | parent-groupid | org.apache.karaf.system | Medium
Vendor | file | name | org.apache.karaf.system.core | High
Vendor | Manifest | bundle-symbolicname | org.apache.karaf.system.core | Medium
Vendor | pom | description | This bundle provides services to manipulate the Karaf container itself (system). | Medium
Vendor | pom | name | Apache Karaf :: System :: Core | High
Vendor | pom | groupid | org.apache.karaf.system | Highest
Vendor | pom | artifactid | apache.karaf.system.core | Low
Product | Manifest | bundle-blueprint | OSGI-INF/blueprint/system-core.xml | Low
Product | manifest | Bundle-Description | This bundle provides services to manipulate the Karaf container itself (system). | Medium
Product | Manifest | Bundle-Name | Apache Karaf :: System :: Core | Medium
Product | pom | artifactid | org.apache.karaf.system.core | Highest
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" | Low
Product | pom | groupid | apache.karaf.system | Low
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | pom | artifactid | apache.karaf.system.core | Highest
Product | Manifest | import-service | org.apache.aries.blueprint.NamespaceHandler;filter=(osgi.service.blueprint.namespace=http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0) | Low
Product | pom | parent-groupid | org.apache.karaf.system | Low
Product | file | name | org.apache.karaf.system.core | High
Product | Manifest | bundle-symbolicname | org.apache.karaf.system.core | Medium
Product | pom | parent-artifactid | system | Medium
Product | pom | description | This bundle provides services to manipulate the Karaf container itself (system). | Medium
Product | pom | name | Apache Karaf :: System :: Core | High
Version | pom | version | 3.0.8 | Highest
Version | file | version | 3.0.8 | Highest
Related Dependencies
org.apache.karaf.features.core-3.0.8.jar
File Path: /Users/Kevin/.m2/repository/org/apache/karaf/features/org.apache.karaf.features.core/3.0.8/org.apache.karaf.features.core-3.0.8.jar
MD5: d183f040c3f217c74da31cd908506a64
SHA1: 4a8bf5dbe10e120158cb69295388274f834ae37a
SHA256: d958d6bdf747576d5a8a878196aabf75dff00d47ccd8eaaa083685ba4394e86d
org.apache.karaf.jaas.modules-3.0.8.jar
File Path: /Users/Kevin/.m2/repository/org/apache/karaf/jaas/org.apache.karaf.jaas.modules/3.0.8/org.apache.karaf.jaas.modules-3.0.8.jar
MD5: 7504ba8b01b2ef7f329e3b442d43d278
SHA1: e4c97dac488898af1dda2b2cbf5b66318339cd29
SHA256: c9a0ceba8661947b4f16b3b5d2e9582d75678b315aabd91956d5fdfc3d83b021
org.apache.karaf.shell.console-3.0.8.jar
File Path: /Users/Kevin/.m2/repository/org/apache/karaf/shell/org.apache.karaf.shell.console/3.0.8/org.apache.karaf.shell.console-3.0.8.jar
MD5: 64893dc43afd4fa99929b9bcbc58c009
SHA1: 5bf3e409d2e73bef560face9740b8c1234909b83
SHA256: fbaf38c8dcc5a86116c01c863f0360cab025fbc6b40a08e6823c969c959da716
org.apache.karaf.jaas.config-3.0.8.jar
File Path: /Users/Kevin/.m2/repository/org/apache/karaf/jaas/org.apache.karaf.jaas.config/3.0.8/org.apache.karaf.jaas.config-3.0.8.jar
MD5: d6515cce7f62ee30442d6cdf5a8e794e
SHA1: ce95afa7a073f0ae093b9bef6ee4fe2d4eaa90c0
SHA256: 29210f6266b8c1a3047d760726f7ce7b32e22a5c60f485cc57cbf5bf40ec75ab
maven: org.apache.karaf.system:org.apache.karaf.system.core:3.0.8 Confidence: Highest
cpe: cpe:/a:apache:karaf:3.0.8 Confidence: Low
Published Vulnerabilities
CVE-2014-0219
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
Vulnerable Software & Versions:

xml-apis-1.0.b2.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.
License: The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar
MD5: 458715c0f7646a56b1c6ad3138098beb
SHA1: 3136ca936f64c9d68529f048c2618bd356bf85c9
SHA256: 8232f3482c346d843e5e3fb361055771c1acc105b6d8a189eb9018c55948cf9f
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | xml-apis | Highest
Vendor | pom | organization name | Apache Software Foundation | High
Vendor | pom | name | XML Commons External Components XML APIs | High
Vendor | manifest: javax/xml/transform/ | Implementation-Vendor | Sun Microsystems Inc. | Medium
Vendor | pom | organization url | http://www.apache.org/ | Medium
Vendor | file | name | xml-apis | High
Vendor | pom | description | xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. | Low
Vendor | pom | url | http://xml.apache.org/commons/#external | Highest
Vendor | manifest: org/xml/sax/ | Implementation-Vendor | David Megginson | Medium
Vendor | manifest: javax/xml/parsers/ | Implementation-Vendor | Sun Microsystems Inc. | Medium
Vendor | manifest: org/w3c/dom/ | Implementation-Vendor | World Wide Web Consortium | Medium
Vendor | manifest: org/apache/xmlcommons/Version | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | pom | artifactid | xml-apis | Low
Product | pom | organization url | http://www.apache.org/ | Low
Product | manifest: org/w3c/dom/ | Specification-Title | Document Object Model, Level 2 Core | Medium
Product | manifest: javax/xml/parsers/ | Implementation-Title | javax.xml.transform | Medium
Product | manifest: javax/xml/transform/ | Implementation-Title | javax.xml.transform | Medium
Product | manifest: org/xml/sax/ | Specification-Title | Simple API for XML | Medium
Product | pom | organization name | Apache Software Foundation | Low
Product | pom | name | XML Commons External Components XML APIs | High
Product | manifest: javax/xml/parsers/ | Specification-Title | Java API for XML Processing | Medium
Product | manifest: org/xml/sax/ | Implementation-Title | org.xml.sax | Medium
Product | file | name | xml-apis | High
Product | pom | description | xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. | Low
Product | pom | artifactid | xml-apis | Highest
Product | manifest: org/apache/xmlcommons/Version | Implementation-Title | org.apache.xmlcommons.Version | Medium
Product | pom | url | http://xml.apache.org/commons/#external | Medium
Product | pom | groupid | xml-apis | Low
Product | manifest: javax/xml/transform/ | Specification-Title | Java API for XML Processing | Medium
Product | manifest: org/w3c/dom/ | Implementation-Title | org.w3c.dom | Medium
Version | pom | version | 1.0.b2 | Highest
Version | file | version | 1.0.b2 | Highest
maven: xml-apis:xml-apis:1.0.b2 Confidence: Highest

org.apache.servicemix.bundles.dom4j-1.6.1_5.jar
Description: This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file.
License: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/servicemix/bundles/org.apache.servicemix.bundles.dom4j/1.6.1_5/org.apache.servicemix.bundles.dom4j-1.6.1_5.jar
MD5: 23883e3957d1ca226220db6f9c2964bb
SHA1: f5da21ae9508008f7b28001983adc143cb310ad7
SHA256: 15abe1ccad24f4fd71a926959f1acd64d84878348deee12dcf4928ee4f1db3d5
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | pom | artifactid | apache.servicemix.bundles.dom4j | Low
Vendor | pom | groupid | apache.servicemix.bundles | Highest
Vendor | pom | groupid | org.apache.servicemix.bundles | Highest
Vendor | file | name | org.apache.servicemix.bundles.dom4j | High
Vendor | pom | parent-groupid | org.apache.servicemix.bundles | Medium
Vendor | Manifest | bundle-symbolicname | org.apache.servicemix.bundles.dom4j | Medium
Vendor | pom | description | This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file. | Medium
Vendor | pom | name | Apache ServiceMix :: Bundles :: ${pkgArtifactId} | High
Vendor | manifest | Bundle-Description | This OSGi bundle wraps dom4j 1.6.1 jar file. | Medium
Vendor | pom | parent-artifactid | bundles-pom | Low
Product | pom | description | This OSGi bundle wraps ${pkgArtifactId} ${pkgVersion} jar file. | Medium
Product | pom | name | Apache ServiceMix :: Bundles :: ${pkgArtifactId} | High
Product | pom | artifactid | apache.servicemix.bundles.dom4j | Highest
Product | pom | parent-artifactid | bundles-pom | Medium
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | Manifest | Bundle-Name | Apache ServiceMix :: Bundles :: dom4j | Medium
Product | pom | parent-groupid | org.apache.servicemix.bundles | Low
Product | pom | artifactid | org.apache.servicemix.bundles.dom4j | Highest
Product | file | name | org.apache.servicemix.bundles.dom4j | High
Product | Manifest | bundle-symbolicname | org.apache.servicemix.bundles.dom4j | Medium
Product | manifest | Bundle-Description | This OSGi bundle wraps dom4j 1.6.1 jar file. | Medium
Product | pom | groupid | apache.servicemix.bundles | Low
Version | file | version | 1.6.1.5 | Highest
Version | pom | version | 1.6.1_5 | Highest
maven: org.apache.servicemix.bundles:org.apache.servicemix.bundles.dom4j:1.6.1_5 Confidence: Highest
cpe: cpe:/a:dom4j_project:dom4j:1.6.1.5 Confidence: Low

org.osgi.compendium-5.0.0.jar
Description: OSGi Compendium Release 5, Interfaces and Classes for use in compiling bundles.
License: Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php
File Path: /Users/Kevin/.m2/repository/org/osgi/org.osgi.compendium/5.0.0/org.osgi.compendium-5.0.0.jar
MD5: 9536e0ce63ca8c06eacec820c88fccf7
SHA1: 9d7a9c35591f6fa1c98ac85af32775c12361aee4
SHA256: f1ef32cc1530f4e66aac606c24363b627ace4780a7737b045bfb3b908d801bcd
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | osgi.cmpn | High
Vendor | manifest | Bundle-Description | OSGi Compendium Release 5, Interfaces and Classes for use in compiling bundles. | Medium
Vendor | pom | description | OSGi Compendium Release 5, Interfaces and Classes for use in compiling bundles. | Medium
Vendor | Manifest | bundle-symbolicname | osgi.cmpn | Medium
Vendor | pom | organization name | OSGi Alliance | High
Vendor | pom | url | http://www.osgi.org | Highest
Vendor | pom | groupid | org.osgi | Highest
Vendor | pom | groupid | org.osgi | Highest
Vendor | pom | organization url | http://www.osgi.org | Medium
Vendor | file | name | org.osgi.compendium | High
Vendor | pom | artifactid | org.osgi.compendium | Low
Vendor | Manifest | bundle-copyright | Copyright (c) OSGi Alliance (2000, 2013). All Rights Reserved. | Low
Product | pom | artifactid | org.osgi.compendium | Highest
Product | pom | name | osgi.cmpn | High
Product | manifest | Bundle-Description | OSGi Compendium Release 5, Interfaces and Classes for use in compiling bundles. | Medium
Product | pom | organization name | OSGi Alliance | Low
Product | pom | description | OSGi Compendium Release 5, Interfaces and Classes for use in compiling bundles. | Medium
Product | Manifest | bundle-symbolicname | osgi.cmpn | Medium
Product | pom | artifactid | org.osgi.compendium | Highest
Product | pom | organization url | http://www.osgi.org | Low
Product | pom | url | http://www.osgi.org | Medium
Product | file | name | org.osgi.compendium | High
Product | Manifest | Bundle-Name | osgi.cmpn | Medium
Product | pom | groupid | org.osgi | Low
Product | Manifest | bundle-copyright | Copyright (c) OSGi Alliance (2000, 2013). All Rights Reserved. | Low
Version | file | version | 5.0.0 | Highest
Version | pom | version | 5.0.0 | Highest
Version | pom | version | 5.0.0 | Highest
maven: org.osgi:org.osgi.compendium:5.0.0 Confidence: Highest
maven: org.osgi:org.osgi.compendium:5.0.0 Confidence: High

org.osgi.core-5.0.0.jar
Description: OSGi Service Platform Release 5 Version 5.0, Core Interfaces and Classes for use in compiling bundles.
License: Apache License, Version 2.0: http://opensource.org/licenses/apache2.0.php
File Path: /Users/Kevin/.m2/repository/org/osgi/org.osgi.core/5.0.0/org.osgi.core-5.0.0.jar
MD5: dce566ce791ffc76e074ff7009d5e795
SHA1: 6e5e8cd3c9059c08e1085540442a490b59a7783c
SHA256: b440c6bff286332afcf5cae067b606962e761c0df00e5fd8a746f0b31265619b
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | org.osgi.core | High
Vendor | pom | name | osgi.core | High
Vendor | pom | artifactid | org.osgi.core | Low
Vendor | pom | organization name | OSGi Alliance | High
Vendor | pom | url | http://www.osgi.org | Highest
Vendor | pom | groupid | org.osgi | Highest
Vendor | pom | description | OSGi Service Platform Release 5 Version 5.0, Core Interfaces and Classes for use in compiling bundles. | Low
Vendor | pom | groupid | org.osgi | Highest
Vendor | pom | organization url | http://www.osgi.org | Medium
Vendor | Manifest | bundle-symbolicname | osgi.core | Medium
Vendor | manifest | Bundle-Description | OSGi Service Platform Release 5 Version 5.0, Core Interfaces and Classes for use in compiling bundles. | Low
Vendor | Manifest | bundle-copyright | Copyright (c) OSGi Alliance (2000, 2012). All Rights Reserved. | Low
Product | file | name | org.osgi.core | High
Product | pom | artifactid | org.osgi.core | Highest
Product | pom | name | osgi.core | High
Product | pom | organization name | OSGi Alliance | Low
Product | Manifest | Bundle-Name | osgi.core | Medium
Product | pom | description | OSGi Service Platform Release 5 Version 5.0, Core Interfaces and Classes for use in compiling bundles. | Low
Product | pom | organization url | http://www.osgi.org | Low
Product | pom | url | http://www.osgi.org | Medium
Product | Manifest | bundle-symbolicname | osgi.core | Medium
Product | pom | artifactid | org.osgi.core | Highest
Product | manifest | Bundle-Description | OSGi Service Platform Release 5 Version 5.0, Core Interfaces and Classes for use in compiling bundles. | Low
Product | Manifest | bundle-copyright | Copyright (c) OSGi Alliance (2000, 2012). All Rights Reserved. | Low
Product | pom | groupid | org.osgi | Low
Version | file | version | 5.0.0 | Highest
Version | pom | version | 5.0.0 | Highest
Version | pom | version | 5.0.0 | Highest
maven: org.osgi:org.osgi.core:5.0.0 Confidence: High
maven: org.osgi:org.osgi.core:5.0.0 Confidence: Highest

reflectasm-1.11.0.jar
Description: High performance Java reflection using code generation
License: New BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Users/Kevin/.m2/repository/com/esotericsoftware/reflectasm/1.11.0/reflectasm-1.11.0.jar
MD5: dc5442d63ff26a0e5d52fbc21a2831ca
SHA1: f747d8b017a26bac575f8da14e8c1df6aecd3154
SHA256: eef46e43a6861cdbb3356295644341a48d9a4c1cf753eb5f03cf7bff3a07d180
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | High performance Java reflection using code generation | Medium
Vendor | pom | description | High performance Java reflection using code generation | Medium
Vendor | pom | url | EsotericSoftware/reflectasm | Highest
Vendor | pom | name | ReflectASM | High
Vendor | Manifest | bundle-symbolicname | com.esotericsoftware.reflectasm | Medium
Vendor | pom | artifactid | reflectasm | Low
Vendor | pom | groupid | esotericsoftware | Highest
Vendor | file | name | reflectasm | High
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low
Vendor | pom | groupid | com.esotericsoftware | Highest
Product | pom | artifactid | reflectasm | Highest
Product | manifest | Bundle-Description | High performance Java reflection using code generation | Medium
Product | pom | description | High performance Java reflection using code generation | Medium
Product | pom | groupid | esotericsoftware | Low
Product | pom | name | ReflectASM | High
Product | Manifest | bundle-symbolicname | com.esotericsoftware.reflectasm | Medium
Product | Manifest | Bundle-Name | ReflectASM | Medium
Product | file | name | reflectasm | High
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" | Low
Product | pom | url | EsotericSoftware/reflectasm | High
Version | pom | version | 1.11.0 | Highest
Version | file | version | 1.11.0 | Highest
maven: com.esotericsoftware:reflectasm:1.11.0 Confidence: Highest

onlab-misc-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onlab-misc/1.13.1/onlab-misc-1.13.1.jar
MD5: 9ce1d887af9b5a5239db89a37a79b075
SHA1: d9fe6097075105ba5f1e8a877bd83f39fd909e03
SHA256: b9780130eeab5196cca32706f22cbb6969373c2fd7a26fcbee9881ca373cbc1c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | onlab-misc | High
Vendor | pom | parent-groupid | org.onosproject | Medium
Vendor | Manifest | bundle-symbolicname | org.onosproject.onlab-misc | Medium
Vendor | pom | groupid | onosproject | Highest
Vendor | pom | artifactid | onlab-misc | Low
Vendor | pom | parent-artifactid | onos-base | Low
Vendor | pom | name | onlab-misc | High
Vendor | pom | groupid | org.onosproject | Highest
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | file | name | onlab-misc | High
Product | Manifest | Bundle-Name | onlab-misc | Medium
Product | pom | parent-artifactid | onos-base | Medium
Product | Manifest | bundle-symbolicname | org.onosproject.onlab-misc | Medium
Product | pom | parent-groupid | org.onosproject | Low
Product | pom | name | onlab-misc | High
Product | pom | artifactid | onlab-misc | Highest
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | pom | groupid | onosproject | Low
Version | file | version | 1.13.1 | Highest
Version | pom | version | 1.13.1 | Highest
Related Dependencies
onlab-osgi-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onlab-osgi/1.13.1/onlab-osgi-1.13.1.jar
MD5: 90815fca6192e753f6224314e0c1d2f8
SHA1: d67d6cafda6c24120b0158ebc2668a496b51bfbb
SHA256: 7c2a118e64afbbde35ef6ccb6099ad7965ae585095fa9e94ff7901e460b69df8
cpe: cpe:/a:onosproject:onos:1.13.1
onlab-rest-1.13.1.jar
File Path: /Users/Kevin/.m2/repository/org/onosproject/onlab-rest/1.13.1/onlab-rest-1.13.1.jar
MD5: 4f0e619c4d1f2eca8d4561b672317262
SHA1: ea5b6163069b753e758990564e36578ade68a85f
SHA256: 95f38510253c483f1cd936a1d495d0ba202b633ed11c21387740fe3b57ef566f
cpe: cpe:/a:onosproject:onos:1.13.1
Published Vulnerabilities
CVE-2018-1000614
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.
Vulnerable Software & Versions:
CVE-2018-1000615
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network..
Vulnerable Software & Versions:
CVE-2018-1000616
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\drivers\utilities\src\main\java\org\onosproject\drivers\utilities\XmlConfigParser.java loadxml() that can result in An adversary can remotely launch XXE attacks on ONOS controller via an OpenConfig Terminal Device.. This attack appear to be exploitable via network connectivity.
Vulnerable Software & Versions:

lucene-analyzers-common-7.0.1.jar
Description: Additional Analyzers
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-analyzers-common/7.0.1/lucene-analyzers-common-7.0.1.jar
MD5: ea1472f430211c927563e47672a0bd3d
SHA1: 5f6b74b083e5925b00bb89a1146c76c9a0b208e0
SHA256: f431e9c0b398c3dfd129e5c27f9badfc67c627de2eada2c786d3db3976213efa
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | extension-name | org.apache.lucene | Medium
Vendor | pom | groupid | apache.lucene | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.lucene | Medium
Vendor | pom | artifactid | lucene-analyzers-common | Low
Vendor | file | name | lucene-analyzers-common | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Lucene Common Analyzers | High
Vendor | pom | groupid | org.apache.lucene | Highest
Vendor | pom | parent-artifactid | lucene-parent | Low
Vendor | pom | description | Additional Analyzers | Medium
Product | pom | artifactid | lucene-analyzers-common | Highest
Product | Manifest | extension-name | org.apache.lucene | Medium
Product | file | name | lucene-analyzers-common | High
Product | pom | groupid | apache.lucene | Low
Product | Manifest | Implementation-Title | org.apache.lucene | High
Product | pom | name | Lucene Common Analyzers | High
Product | pom | parent-groupid | org.apache.lucene | Low
Product | Manifest | specification-title | Lucene Search Engine: analyzers-common | Medium
Product | pom | parent-artifactid | lucene-parent | Medium
Product | pom | description | Additional Analyzers | Medium
Version | pom | version | 7.0.1 | Highest
Version | file | version | 7.0.1 | Highest
maven: org.apache.lucene:lucene-analyzers-common:7.0.1 Confidence: Highest

lucene-analyzers-kuromoji-7.0.1.jar
Description: Lucene Kuromoji Japanese Morphological Analyzer
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-analyzers-kuromoji/7.0.1/lucene-analyzers-kuromoji-7.0.1.jar
MD5: 799b370b1f3979a6dda89d2f19f93e1d
SHA1: f7cc8d5667a915a77d8d75a42082a9bf7a4f90fa
SHA256: 9c8314957013cea7465320646074d10db55171db759a8967c0826c97839f3ee7
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | lucene-analyzers-kuromoji | Low
Vendor | Manifest | extension-name | org.apache.lucene | Medium
Vendor | pom | groupid | apache.lucene | Highest
Vendor | file | name | lucene-analyzers-kuromoji | High
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | name | Lucene Kuromoji Japanese Morphological Analyzer | High
Vendor | pom | description | Lucene Kuromoji Japanese Morphological Analyzer | Medium
Vendor | pom | parent-groupid | org.apache.lucene | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | org.apache.lucene | Highest
Vendor | pom | parent-artifactid | lucene-parent | Low
Product | Manifest | extension-name | org.apache.lucene | Medium
Product | file | name | lucene-analyzers-kuromoji | High
Product | Manifest | specification-title | Lucene Search Engine: analyzers-kuromoji | Medium
Product | pom | name | Lucene Kuromoji Japanese Morphological Analyzer | High
Product | pom | description | Lucene Kuromoji Japanese Morphological Analyzer | Medium
Product | pom | groupid | apache.lucene | Low
Product | Manifest | Implementation-Title | org.apache.lucene | High
Product | pom | parent-groupid | org.apache.lucene | Low
Product | pom | artifactid | lucene-analyzers-kuromoji | Highest
Product | pom | parent-artifactid | lucene-parent | Medium
Version | pom | version | 7.0.1 | Highest
Version | file | version | 7.0.1 | Highest
maven: org.apache.lucene:lucene-analyzers-kuromoji:7.0.1 Confidence: Highest

lucene-analyzers-phonetic-7.0.1.jar
Description: Provides phonetic encoding via Commons Codec.
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-analyzers-phonetic/7.0.1/lucene-analyzers-phonetic-7.0.1.jar
MD5: 8df8c08733c0cba9956c4e809aa86977
SHA1: be14b71ed53e99df493e526fbe9fe56dcf709148
SHA256: 5c73488a63341409ea5131706527272152365ac60538df03f6850cd534861d3e
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | extension-name | org.apache.lucene | Medium
Vendor | pom | groupid | apache.lucene | Highest
Vendor | pom | artifactid | lucene-analyzers-phonetic | Low
Vendor | file | name | lucene-analyzers-phonetic | High
Vendor | pom | description | Provides phonetic encoding via Commons Codec. | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.lucene | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Lucene Phonetic Filters | High
Vendor | pom | groupid | org.apache.lucene | Highest
Vendor | pom | parent-artifactid | lucene-parent | Low
Product | Manifest | extension-name | org.apache.lucene | Medium
Product | file | name | lucene-analyzers-phonetic | High
Product | pom | description | Provides phonetic encoding via Commons Codec. | Medium
Product | Manifest | specification-title | Lucene Search Engine: analyzers-phonetic | Medium
Product | pom | artifactid | lucene-analyzers-phonetic | Highest
Product | pom | groupid | apache.lucene | Low
Product | pom | name | Lucene Phonetic Filters | High
Product | Manifest | Implementation-Title | org.apache.lucene | High
Product | pom | parent-groupid | org.apache.lucene | Low
Product | pom | parent-artifactid | lucene-parent | Medium
Version | pom | version | 7.0.1 | Highest
Version | file | version | 7.0.1 | Highest
maven: org.apache.lucene:lucene-analyzers-phonetic:7.0.1 Confidence: Highest

lucene-backward-codecs-7.0.1.jar
Description:
Codecs for older versions of Lucene.
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-backward-codecs/7.0.1/lucene-backward-codecs-7.0.1.jar
MD5: 0b1e104832688195be096629046ecf63
SHA1: 18638048b965511a490b84c1e2623d396b7b9a3f
SHA256: 012a7bae1663f373b3440b689436abfd90b409b02bece2c57f0a0d9937a11ea9
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor file name lucene-backward-codecs High Vendor pom artifactid lucene-backward-codecs Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom description
Codecs for older versions of Lucene.
Medium Vendor pom parent-artifactid lucene-parent Low Vendor pom name Lucene Memory High Product Manifest extension-name org.apache.lucene Medium Product Manifest specification-title Lucene Search Engine: backward-codecs Medium Product file name lucene-backward-codecs High Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom description
Codecs for older versions of Lucene.
Medium Product pom artifactid lucene-backward-codecs Highest Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Product pom name Lucene Memory High Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-backward-codecs:7.0.1 Confidence: Highest

lucene-classification-7.0.1.jar
Description:
Lucene Classification
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-classification/7.0.1/lucene-classification-7.0.1.jar
MD5: 664ece05ffe885c286cdf4ad53e26bcf
SHA1: 5487501888b3454d8a6f07900fdf580c7460c7e5
SHA256: bb02948c45705f3f82014058c64cdf7deddb6f8e39506505b6fa16ca5c6391b3
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom name Lucene Classification High Vendor pom description Lucene Classification Medium Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor pom artifactid lucene-classification Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor file name lucene-classification High Vendor pom parent-artifactid lucene-parent Low Product pom name Lucene Classification High Product pom description Lucene Classification Medium Product Manifest extension-name org.apache.lucene Medium Product pom artifactid lucene-classification Highest Product Manifest specification-title Lucene Search Engine: classification Medium Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product file name lucene-classification High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-classification:7.0.1 Confidence: Highest

lucene-codecs-7.0.1.jar
Description:
Codecs and postings formats for Apache Lucene.
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-codecs/7.0.1/lucene-codecs-7.0.1.jar
MD5: 66c3665c360daa555c81f50f28da356c
SHA1: dbe35cc23b9e6dc1bd73c08363f0ecd02e6e7188
SHA256: 654d0af78360fa9cf7118448565dc0de9e9934c86dded3a5bed34e7adf6d1a8c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor file name lucene-codecs High Vendor pom name Lucene codecs High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom description
Codecs and postings formats for Apache Lucene.
Medium Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-codecs Low Vendor pom parent-artifactid lucene-parent Low Product Manifest extension-name org.apache.lucene Medium Product file name lucene-codecs High Product pom name Lucene codecs High Product pom description
Codecs and postings formats for Apache Lucene.
Medium Product pom artifactid lucene-codecs Highest Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: codecs Medium Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-codecs:7.0.1 Confidence: Highest

lucene-core-7.0.1.jar
Description:
Apache Lucene Java Core
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-core/7.0.1/lucene-core-7.0.1.jar
MD5: c9f9e9458069a3707efe8ce27af18bbb
SHA1: 3f1ad4670da69cf5b4489b59152dce4eea252ff5
SHA256: 8586ecb0521390097044a150fa71ffa15dbab9745bb96224e4c4ad3b391b4b56
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name lucene-core High Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor pom description Apache Lucene Java Core Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Lucene Core High Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-core Low Vendor pom parent-artifactid lucene-parent Low Product file name lucene-core High Product Manifest extension-name org.apache.lucene Medium Product Manifest specification-title Lucene Search Engine: core Medium Product pom description Apache Lucene Java Core Medium Product pom artifactid lucene-core Highest Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom name Lucene Core High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-core:7.0.1 Confidence: Highest

lucene-expressions-7.0.1.jar
Description:
Dynamically computed values to sort/facet/search on based on a pluggable grammar.
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-expressions/7.0.1/lucene-expressions-7.0.1.jar
MD5: 0e8b7705785225dcf1d0313cef5dabe2
SHA1: 4dee7e95dd1c4fec151ad6604825cdf696b52e88
SHA256: 00a9f7193b99c239b6e62a89cf02caa8e957f423b24f1687a03ff43ad7d8815e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor pom name Lucene Expressions High Vendor file name lucene-expressions High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom description
Dynamically computed values to sort/facet/search on based on a pluggable grammar.
Medium Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-expressions Low Vendor pom parent-artifactid lucene-parent Low Product Manifest extension-name org.apache.lucene Medium Product pom name Lucene Expressions High Product file name lucene-expressions High Product pom description
Dynamically computed values to sort/facet/search on based on a pluggable grammar.
Medium Product pom artifactid lucene-expressions Highest Product Manifest specification-title Lucene Search Engine: expressions Medium Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-expressions:7.0.1 Confidence: Highest

lucene-grouping-7.0.1.jar
Description:
Lucene Grouping Module
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-grouping/7.0.1/lucene-grouping-7.0.1.jar
MD5: 2056241cda8f992e353b1cfee182155c
SHA1: 6615491d5d2017e0243c2c2e016f92a8ca12db60
SHA256: b4d0ed9dbb046ddce6713c26bd2688038095b8d83647524e890820437fdefa60
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description Lucene Grouping Module Medium Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Lucene Grouping High Vendor file name lucene-grouping High Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-grouping Low Vendor pom parent-artifactid lucene-parent Low Product pom description Lucene Grouping Module Medium Product Manifest extension-name org.apache.lucene Medium Product Manifest specification-title Lucene Search Engine: grouping Medium Product pom artifactid lucene-grouping Highest Product pom name Lucene Grouping High Product file name lucene-grouping High Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-grouping:7.0.1 Confidence: Highest

lucene-highlighter-7.0.1.jar
Description:
This is the highlighter for apache lucene java
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-highlighter/7.0.1/lucene-highlighter-7.0.1.jar
MD5: 0d3cdaaaf71edbb3be1902cde2c175b6
SHA1: 888bf6b9a1e8bd69931e30c67fc01edd284b4c81
SHA256: 19b90fb993913bb954a320db052aa088798762e9d5c5b20a19f9c11ed43d44ea
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name lucene-highlighter High Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom description
This is the highlighter for apache lucene java
Medium Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-highlighter Low Vendor pom name Lucene Highlighter High Vendor pom parent-artifactid lucene-parent Low Product Manifest specification-title Lucene Search Engine: highlighter Medium Product Manifest extension-name org.apache.lucene Medium Product file name lucene-highlighter High Product pom artifactid lucene-highlighter Highest Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom description
This is the highlighter for apache lucene java
Medium Product pom parent-groupid org.apache.lucene Low Product pom name Lucene Highlighter High Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-highlighter:7.0.1 Confidence: Highest

lucene-join-7.0.1.jar
Description:
Lucene Join Module
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-join/7.0.1/lucene-join-7.0.1.jar
MD5: 8e521d0d356c1b47f7726a837f296451
SHA1: bfa8769171ef4c12d347a094c90a5b314d4d7915
SHA256: 411645c64129e101abe37e3fdc29ee6d09a2cbde0d2632384d2201a6133cc96b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor pom artifactid lucene-join Low Vendor pom name Lucene Join High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor file name lucene-join High Vendor pom description Lucene Join Module Medium Vendor pom parent-artifactid lucene-parent Low Product Manifest extension-name org.apache.lucene Medium Product pom name Lucene Join High Product pom artifactid lucene-join Highest Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product file name lucene-join High Product Manifest specification-title Lucene Search Engine: join Medium Product pom description Lucene Join Module Medium Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-join:7.0.1 Confidence: Highest

lucene-memory-7.0.1.jar
Description:
High-performance single-document index to compare against Query
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-memory/7.0.1/lucene-memory-7.0.1.jar
MD5: 5fa48c7b1a2513ba8479988814c657fe
SHA1: c9bdc376260a5c94318085f6b5ba932cfdd51ad8
SHA256: 412729936c08114ed4ebec966e8af599eb3402a55dce322184ec92861b6333fe
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom description
High-performance single-document index to compare against Query
Medium Vendor pom parent-groupid org.apache.lucene Medium Vendor pom artifactid lucene-memory Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor file name lucene-memory High Vendor pom parent-artifactid lucene-parent Low Vendor pom name Lucene Memory High Product Manifest specification-title Lucene Search Engine: memory Medium Product pom artifactid lucene-memory Highest Product Manifest extension-name org.apache.lucene Medium Product pom description
High-performance single-document index to compare against Query
Medium Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product file name lucene-memory High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Product pom name Lucene Memory High Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-memory:7.0.1 Confidence: Highest

lucene-misc-7.0.1.jar
Description:
Miscellaneous Lucene extensions
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-misc/7.0.1/lucene-misc-7.0.1.jar
MD5: f4018cffa28eff63e737bf84d445f3e9
SHA1: c72dd9d63f92f0e82961dd38e169d5affdb915b0
SHA256: d133dcd0110f6a57e7f4a7f94c003edf606e38ce807ff417de00675986aab3e1
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor pom artifactid lucene-misc Low Vendor pom name Lucene Miscellaneous High Vendor pom description Miscellaneous Lucene extensions Medium Vendor file name lucene-misc High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom parent-artifactid lucene-parent Low Product Manifest extension-name org.apache.lucene Medium Product pom name Lucene Miscellaneous High Product pom description Miscellaneous Lucene extensions Medium Product file name lucene-misc High Product pom artifactid lucene-misc Highest Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product Manifest specification-title Lucene Search Engine: misc Medium Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-misc:7.0.1 Confidence: Highest

lucene-queries-7.0.1.jar
Description:
Lucene Queries Module
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-queries/7.0.1/lucene-queries-7.0.1.jar
MD5: c0706b29d50e357ee1741d46aa8378c4
SHA1: 168e774681469e0d8902680d6cfce0131d6421bf
SHA256: 487a16504e9150a39c239ce5756cd7200e093c29ffbcbfc5c287ccf5a2d0ce3a
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description Lucene Queries Module Medium Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor pom name Lucene Queries High Vendor file name lucene-queries High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-queries Low Vendor pom parent-artifactid lucene-parent Low Product pom description Lucene Queries Module Medium Product Manifest extension-name org.apache.lucene Medium Product pom artifactid lucene-queries Highest Product pom name Lucene Queries High Product file name lucene-queries High Product Manifest specification-title Lucene Search Engine: queries Medium Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-queries:7.0.1 Confidence: Highest

lucene-queryparser-7.0.1.jar
Description:
Lucene QueryParsers module
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-queryparser/7.0.1/lucene-queryparser-7.0.1.jar
MD5: fddb96f61a0783f9e0198db3f75227cd
SHA1: 4634a493b78fe7ced32ca34dc107b753a280a276
SHA256: 7ab1623c1dc892c3ba4f935d915dc5e02afb3e411db08a0a2094bbb8e3a8185e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name lucene-queryparser High Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor pom artifactid lucene-queryparser Low Vendor pom name Lucene QueryParsers High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom description Lucene QueryParsers module Medium Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom parent-artifactid lucene-parent Low Product file name lucene-queryparser High Product Manifest extension-name org.apache.lucene Medium Product pom name Lucene QueryParsers High Product pom description Lucene QueryParsers module Medium Product Manifest specification-title Lucene Search Engine: queryparser Medium Product pom groupid apache.lucene Low Product pom artifactid lucene-queryparser Highest Product Manifest Implementation-Title org.apache.lucene High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-queryparser:7.0.1 Confidence: Highest

lucene-sandbox-7.0.1.jar
Description:
Lucene Sandbox
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-sandbox/7.0.1/lucene-sandbox-7.0.1.jar
MD5: 0ce54aa5d25080af63a8af8e52185b59
SHA1: a379474d929b909b1602ecfd093df8ef70f76776
SHA256: dcd59d03328a7e3b1498b93193c315b1c0973f645c2e4a50be72de5d5e4de59e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom description Lucene Sandbox Medium Vendor pom artifactid lucene-sandbox Low Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Lucene Sandbox High Vendor pom groupid org.apache.lucene Highest Vendor file name lucene-sandbox High Vendor pom parent-artifactid lucene-parent Low Product pom artifactid lucene-sandbox Highest Product Manifest extension-name org.apache.lucene Medium Product pom description Lucene Sandbox Medium Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom name Lucene Sandbox High Product file name lucene-sandbox High Product Manifest specification-title Lucene Search Engine: sandbox Medium Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-sandbox:7.0.1 Confidence: Highest

lucene-spatial-extras-7.0.1.jar
Description:
Advanced Spatial Shape Strategies for Apache Lucene
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-spatial-extras/7.0.1/lucene-spatial-extras-7.0.1.jar
MD5: 148633aba66114a8585ccac62e9541eb
SHA1: 86f777596734662402b55e24a2848f0ac4a96628
SHA256: 7b096ee98b185aa916e557e105e1af68fcd2cdc8f38955f328cd5b77a5645cd1
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor file name lucene-spatial-extras High Vendor pom parent-groupid org.apache.lucene Medium Vendor pom name Lucene Spatial Extras High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom description
Advanced Spatial Shape Strategies for Apache Lucene
Medium Vendor pom groupid org.apache.lucene Highest Vendor pom artifactid lucene-spatial-extras Low Vendor pom parent-artifactid lucene-parent Low Product Manifest extension-name org.apache.lucene Medium Product pom artifactid lucene-spatial-extras Highest Product Manifest specification-title Lucene Search Engine: spatial-extras Medium Product file name lucene-spatial-extras High Product pom name Lucene Spatial Extras High Product pom groupid apache.lucene Low Product pom description
Advanced Spatial Shape Strategies for Apache Lucene
Medium Product Manifest Implementation-Title org.apache.lucene High Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-spatial-extras:7.0.1 Confidence: Highest

lucene-suggest-7.0.1.jar
Description:
Lucene Suggest Module
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-suggest/7.0.1/lucene-suggest-7.0.1.jar
MD5: c9c56997504302b075b9703e43d5627d
SHA1: 71cf313010f44841f9cfb70e71559af50ea8198b
SHA256: b6d23085298ae5fce8eabaf8b81f066caa9f30eef52574adb81a343920b7740b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name lucene-suggest High Vendor Manifest extension-name org.apache.lucene Medium Vendor pom groupid apache.lucene Highest Vendor pom name Lucene Suggest High Vendor pom artifactid lucene-suggest Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.lucene Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.lucene Highest Vendor pom description Lucene Suggest Module Medium Vendor pom parent-artifactid lucene-parent Low Product file name lucene-suggest High Product Manifest specification-title Lucene Search Engine: suggest Medium Product Manifest extension-name org.apache.lucene Medium Product pom name Lucene Suggest High Product pom groupid apache.lucene Low Product Manifest Implementation-Title org.apache.lucene High Product pom artifactid lucene-suggest Highest Product pom description Lucene Suggest Module Medium Product pom parent-groupid org.apache.lucene Low Product pom parent-artifactid lucene-parent Medium Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
maven: org.apache.lucene:lucene-suggest:7.0.1 Confidence: Highest

hppc-0.7.1.jar
Description:
High Performance Primitive Collections.
Fundamental data structures (maps, sets, lists, stacks, queues) generated for
combinations of object and primitive types to conserve JVM memory and speed
up execution.
File Path: /Users/Kevin/.m2/repository/com/carrotsearch/hppc/0.7.1/hppc-0.7.1.jar
MD5: 2ff89be5b49144c330190cf7137c3a26
SHA1: 8b5057f74ea378c0150a1860874a3ebdcb713767
SHA256: 40d2a57f59e9eae7b018d3b4841954087ee40a5c1db6a54c3ea87742e3890391
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid hppc Low Vendor file name hppc High Vendor jar package name hppc Low Vendor pom parent-artifactid hppc-parent Low Vendor pom description High Performance Primitive Collections. Fundamental data structures (maps, sets, lists, stacks, queues) generated for combinations of object and primitive types to conserve JVM memory and speed up execution. Low Vendor jar package name carrotsearch Low Vendor pom groupid com.carrotsearch Highest Vendor pom groupid carrotsearch Highest Vendor pom parent-groupid com.carrotsearch Medium Vendor pom name HPPC Collections High Product file name hppc High Product jar package name hppc Low Product pom groupid carrotsearch Low Product pom description High Performance Primitive Collections. Fundamental data structures (maps, sets, lists, stacks, queues) generated for combinations of object and primitive types to conserve JVM memory and speed up execution. Low Product pom parent-artifactid hppc-parent Medium Product pom parent-groupid com.carrotsearch Low Product pom name HPPC Collections High Product pom artifactid hppc Highest Version file version 0.7.1 Highest Version pom version 0.7.1 Highest
maven: com.carrotsearch:hppc:0.7.1 Confidence: Highest

jackson-dataformat-smile-2.5.4.jar
Description:
Support for reading and writing Smile ("binary JSON")
encoded data using Jackson abstractions (streaming API, data binding,
tree model)
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/fasterxml/jackson/dataformat/jackson-dataformat-smile/2.5.4/jackson-dataformat-smile-2.5.4.jar
MD5: a3868ca8efddfec575b139f574e21dc2
SHA1: db0c5f1b6e16cb5f5e0505abfcd4b36f3e8bfdc6
SHA256: b3deecbe7ba584846b7439d936f9bdd1dd7c62383af8c74044587a77b6484457
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-smile Medium Vendor pom parent-artifactid jackson-parent Low Vendor pom name Jackson-dataformat-Smile High Vendor pom groupid com.fasterxml.jackson.dataformat Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor FasterXML High Vendor pom artifactid jackson-dataformat-smile Low Vendor Manifest specification-vendor FasterXML Low Vendor pom groupid fasterxml.jackson.dataformat Highest Vendor pom url http://wiki.fasterxml.com/JacksonForSmile Highest Vendor Manifest implementation-build-date 2015-06-09 22:10:49-0700 Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.dataformat Medium Vendor manifest Bundle-Description Support for reading and writing Smile ("binary JSON")encoded data using Jackson abstractions (streaming API, data binding,tree model) Low Vendor file name jackson-dataformat-smile High Vendor pom description Support for reading and writing Smile ("binary JSON")
encoded data using Jackson abstractions (streaming API, data binding,
tree model) Low Vendor Manifest bundle-docurl http://wiki.fasterxml.com/JacksonForSmile Low Product Manifest bundle-symbolicname com.fasterxml.jackson.dataformat.jackson-dataformat-smile Medium Product pom name Jackson-dataformat-Smile High Product pom artifactid jackson-dataformat-smile Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Implementation-Title Jackson-dataformat-Smile High Product Manifest implementation-build-date 2015-06-09 22:10:49-0700 Low Product pom parent-artifactid jackson-parent Medium Product pom groupid fasterxml.jackson.dataformat Low Product Manifest specification-title Jackson-dataformat-Smile Medium Product manifest Bundle-Description Support for reading and writing Smile ("binary JSON")encoded data using Jackson abstractions (streaming API, data binding,tree model) Low Product Manifest Bundle-Name Jackson-dataformat-Smile Medium Product pom parent-groupid com.fasterxml.jackson Low Product file name jackson-dataformat-smile High Product pom description Support for reading and writing Smile ("binary JSON")
encoded data using Jackson abstractions (streaming API, data binding,
tree model) Low Product pom url http://wiki.fasterxml.com/JacksonForSmile Medium Product Manifest bundle-docurl http://wiki.fasterxml.com/JacksonForSmile Low Version Manifest Implementation-Version 2.5.4 High Version file version 2.5.4 Highest Version pom version 2.5.4 Highest
maven: com.fasterxml.jackson.dataformat:jackson-dataformat-smile:2.5.4 Confidence: Highest
cpe: cpe:/a:fasterxml:jackson:2.5.4 Confidence: Low

caffeine-2.4.0.jar
Description:
A high performance caching library for Java 8+
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.4.0/caffeine-2.4.0.jar
MD5: 88d83922414143f7c3c1d12b83ca4d7b
SHA1: 5aa8bbb851b1ad403cc140094ba4a25998369efe
SHA256: a70d0ce267c92820aeb2790720643b3554e09ae7a95b5f5cc5e9c4800fcfab44
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom url ben-manes/caffeine Highest Vendor pom groupid github.ben-manes.caffeine Highest Vendor pom artifactid caffeine Low Vendor pom description A high performance caching library for Java 8+ Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor pom name Caffeine cache High Vendor file name caffeine High Product pom url ben-manes/caffeine High Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product pom artifactid caffeine Highest Product pom description A high performance caching library for Java 8+ Medium Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product pom name Caffeine cache High Product file name caffeine High Product pom groupid github.ben-manes.caffeine Low Version pom version 2.4.0 Highest Version file version 2.4.0 Highest
maven: com.github.ben-manes.caffeine:caffeine:2.4.0 Confidence: Highest

protobuf-java-3.1.0.jar
Description:
Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format.
License:
http://www.opensource.org/licenses/bsd-license.php
File Path: /Users/Kevin/.m2/repository/com/google/protobuf/protobuf-java/3.1.0/protobuf-java-3.1.0.jar
MD5: 6fcd9d8f757eea48ac7f3e1b279f94e8
SHA1: e13484d9da178399d32d2d27ee21a77cfb4b7873
SHA256: 8d7ec605ca105747653e002bfe67bddba90ab964da697aaa5daa1060923585db
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom parent-artifactid protobuf-parent Low Vendor pom artifactid protobuf-java Low Vendor Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom groupid com.google.protobuf Highest Vendor file name protobuf-java High Vendor pom name Protocol Buffers [Core] High Vendor pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low Vendor manifest Bundle-Description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low Vendor pom parent-groupid com.google.protobuf Medium Vendor Manifest bundle-symbolicname com.google.protobuf Medium Vendor pom groupid google.protobuf Highest Product pom artifactid protobuf-java Highest Product pom parent-groupid com.google.protobuf Low Product pom groupid google.protobuf Low Product Manifest bundle-docurl https://developers.google.com/protocol-buffers/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product file name protobuf-java High Product pom parent-artifactid protobuf-parent Medium Product pom name Protocol Buffers [Core] High Product pom description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low Product manifest Bundle-Description Core Protocol Buffers library. Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Low Product Manifest bundle-symbolicname com.google.protobuf Medium Product Manifest Bundle-Name Protocol Buffers [Core] Medium Version file version 3.1.0 Highest Version pom version 3.1.0 Highest
Published Vulnerabilities
CVE-2015-5237
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.

t-digest-3.1.jar
Description:
Data structure which allows accurate estimation of quantiles and related rank statistics
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/tdunning/t-digest/3.1/t-digest-3.1.jar
MD5: ba0c00142170b71bd3ae17d2d7e4e38b
SHA1: 451ed219688aed5821a789428fd5e10426d11312
SHA256: 271f3a5a4bc79d7554c9e9e557669af83bcbda0db871e0b8c969d56e51c123a9
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom name T-Digest High Vendor jar package name math Low Vendor pom groupid tdunning Highest Vendor pom description Data structure which allows accurate estimation of quantiles and related rank statistics Medium Vendor file name t-digest High Vendor pom artifactid t-digest Low Vendor jar package name tdunning Low Vendor pom groupid com.tdunning Highest Vendor jar package name stats Low Vendor pom url tdunning/t-digest Highest Product pom artifactid t-digest Highest Product pom name T-Digest High Product jar package name math Low Product pom url tdunning/t-digest High Product pom description Data structure which allows accurate estimation of quantiles and related rank statistics Medium Product file name t-digest High Product pom groupid tdunning Low Product jar package name stats Low Version pom version 3.1 Highest Version file version 3.1 Highest
maven: com.tdunning:t-digest:3.1 Confidence: Highest

dom4j-1.6.1.jar
Description:
dom4j: the flexible XML framework for Java
File Path: /Users/Kevin/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256: 593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom organization url http://sourceforge.net/projects/dom4j Medium Vendor Manifest extension-name dom4j Medium Vendor Manifest Implementation-Vendor MetaStuff Ltd. High Vendor pom name dom4j High Vendor pom description dom4j: the flexible XML framework for Java Medium Vendor file name dom4j High Vendor Manifest specification-vendor MetaStuff Ltd. Low Vendor pom url http://dom4j.org Highest Vendor pom groupid dom4j Highest Vendor pom organization name MetaStuff Ltd. High Vendor pom artifactid dom4j Low Product pom artifactid dom4j Highest Product pom url http://dom4j.org Medium Product Manifest extension-name dom4j Medium Product pom name dom4j High Product pom description dom4j: the flexible XML framework for Java Medium Product file name dom4j High Product pom groupid dom4j Low Product Manifest Implementation-Title org.dom4j High Product Manifest specification-title dom4j : XML framework for Java Medium Product pom organization url http://sourceforge.net/projects/dom4j Low Product pom organization name MetaStuff Ltd. Low Version Manifest Implementation-Version 1.6.1 High Version file version 1.6.1 Highest Version pom version 1.6.1 Highest
Published Vulnerabilities
CVE-2018-1000632
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-91 XML Injection (aka Blind XPath Injection)
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

gmetric4j-1.0.7.jar
Description:
JVM instrumentation to Ganglia
License:
The MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /Users/Kevin/.m2/repository/info/ganglia/gmetric4j/gmetric4j/1.0.7/gmetric4j-1.0.7.jar
MD5: ae36017546569c0312ba11f7b8c369c3
SHA1: 37a1cb0d8821cad9bd33f1ce454459fed18efa44
SHA256: b71d7e1ad919506385f4489084a05bf02a7fbda0b7eeb151fc6adae9866c3aba
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor jar package name ganglia Low Vendor pom url http://github.com/ganglia/gmetric4j Highest Vendor pom artifactid gmetric4j Low Vendor pom groupid info.ganglia.gmetric4j Highest Vendor jar package name info Low Vendor pom description JVM instrumentation to Ganglia Medium Vendor pom name gmetric4j High Vendor file name gmetric4j High Vendor jar package name gmetric4j Low Product jar package name ganglia Low Product pom url http://github.com/ganglia/gmetric4j Medium Product pom description JVM instrumentation to Ganglia Medium Product pom name gmetric4j High Product jar package name xdr Low Product pom artifactid gmetric4j Highest Product pom groupid info.ganglia.gmetric4j Low Product file name gmetric4j High Product jar package name gmetric4j Low Version file version 1.0.7 Highest Version pom version 1.0.7 Highest
maven: info.ganglia.gmetric4j:gmetric4j:1.0.7 Confidence: Highest

metrics-ganglia-3.2.2.jar
Description:
A reporter for Metrics which announces measurements to a Ganglia cluster.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/io/dropwizard/metrics/metrics-ganglia/3.2.2/metrics-ganglia-3.2.2.jar
MD5: 6998771417e4efe002eaa0f82bd939fb
SHA1: d5bb1883e9b0daf0e4187e558746f5058f4585c1
SHA256: fdae87ba15898e1754c885afab1594962b0bb24e2049ad35b853521b458f7351
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.dropwizard.metrics Highest Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium Vendor pom name Ganglia Integration for Metrics High Vendor pom artifactid metrics-ganglia Low Vendor pom parent-artifactid metrics-parent Low Vendor manifest Bundle-Description A reporter for Metrics which announces measurements to a Ganglia cluster. Medium Vendor pom description
A reporter for Metrics which announces measurements to a Ganglia cluster.
Medium Vendor file name metrics-ganglia High Vendor Manifest bundle-symbolicname io.dropwizard.metrics.ganglia Medium Product pom name Ganglia Integration for Metrics High Product pom parent-artifactid metrics-parent Medium Product pom groupid io.dropwizard.metrics Low Product manifest Bundle-Description A reporter for Metrics which announces measurements to a Ganglia cluster. Medium Product Manifest Implementation-Title Ganglia Integration for Metrics High Product Manifest Bundle-Name Ganglia Integration for Metrics Medium Product pom description
A reporter for Metrics which announces measurements to a Ganglia cluster.
Medium Product pom artifactid metrics-ganglia Highest Product file name metrics-ganglia High Product Manifest bundle-symbolicname io.dropwizard.metrics.ganglia Medium Version pom version 3.2.2 Highest Version file version 3.2.2 Highest Version Manifest Implementation-Version 3.2.2 High
maven: io.dropwizard.metrics:metrics-ganglia:3.2.2 Confidence: Highest

metrics-graphite-3.2.2.jar
Description:
A reporter for Metrics which announces measurements to a Graphite server.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/io/dropwizard/metrics/metrics-graphite/3.2.2/metrics-graphite-3.2.2.jar
MD5: ba2f49e74fbfbdbb36045755684f896e
SHA1: 908e8cbec1bbdb2f4023334e424c7de2832a95af
SHA256: cb967ecf5d6d88fe08322b8fe64b885ef2ce0e74ed8fc9bfea286e7aad2e6d47
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.dropwizard.metrics Highest Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium Vendor file name metrics-graphite High Vendor pom parent-artifactid metrics-parent Low Vendor pom artifactid metrics-graphite Low Vendor manifest Bundle-Description A reporter for Metrics which announces measurements to a Graphite server. Medium Vendor pom name Graphite Integration for Metrics High Vendor Manifest bundle-symbolicname io.dropwizard.metrics.graphite Medium Vendor pom description
A reporter for Metrics which announces measurements to a Graphite server.
Medium Product Manifest Implementation-Title Graphite Integration for Metrics High Product pom parent-artifactid metrics-parent Medium Product file name metrics-graphite High Product pom groupid io.dropwizard.metrics Low Product manifest Bundle-Description A reporter for Metrics which announces measurements to a Graphite server. Medium Product pom name Graphite Integration for Metrics High Product Manifest bundle-symbolicname io.dropwizard.metrics.graphite Medium Product Manifest Bundle-Name Graphite Integration for Metrics Medium Product pom description
A reporter for Metrics which announces measurements to a Graphite server.
Medium Product pom artifactid metrics-graphite Highest Version pom version 3.2.2 Highest Version file version 3.2.2 Highest Version Manifest Implementation-Version 3.2.2 High
cpe: cpe:/a:graphite_project:graphite:3.2.2 Confidence: Low
maven: io.dropwizard.metrics:metrics-graphite:3.2.2 Confidence: Highest

metrics-jetty9-3.2.2.jar
Description:
A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/io/dropwizard/metrics/metrics-jetty9/3.2.2/metrics-jetty9-3.2.2.jar
MD5: 42a436bbd0e679c9e1737ab7bf5dcf75
SHA1: 3fc94d99f41dc3f5be5483c81828138104df4449
SHA256: ee2a8a882b9a0a87d8c76139c409ddf25ebb7c666f8b4da9b1929214302c370d
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.dropwizard.metrics Highest Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium Vendor Manifest bundle-symbolicname io.dropwizard.metrics.jetty9 Medium Vendor pom artifactid metrics-jetty9 Low Vendor pom parent-artifactid metrics-parent Low Vendor manifest Bundle-Description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low Vendor pom name Metrics Integration for Jetty 9.1 and higher High Vendor pom description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low Vendor file name metrics-jetty9 High Product Manifest bundle-symbolicname io.dropwizard.metrics.jetty9 Medium Product pom parent-artifactid metrics-parent Medium Product manifest Bundle-Description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low Product Manifest Implementation-Title Metrics Integration for Jetty 9.1 and higher High Product pom groupid io.dropwizard.metrics Low Product pom artifactid metrics-jetty9 Highest Product Manifest Bundle-Name Metrics Integration for Jetty 9.1 and higher Medium Product pom name Metrics Integration for Jetty 9.1 and higher High Product pom description A set of extensions for Jetty 9.1 and higher which provide instrumentation of thread pools, connector metrics, and application latency and utilization. Low Product file name metrics-jetty9 High Version pom version 3.2.2 Highest Version file version 3.2.2 Highest Version Manifest Implementation-Version 3.2.2 High
maven: io.dropwizard.metrics:metrics-jetty9:3.2.2 Confidence: Highest
cpe: cpe:/a:jetty:jetty:3.2.2 Confidence: Low

metrics-jvm-3.2.2.jar
Description:
A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics.
License:
http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /Users/Kevin/.m2/repository/io/dropwizard/metrics/metrics-jvm/3.2.2/metrics-jvm-3.2.2.jar
MD5: 628535c45f493ea53527258e1ddbfe8b
SHA1: 9cbf2030242f7ffb97fae23f8a81421eb8d4ad45
SHA256: bdbe173890c2572ee53fc005a472950150a76a1a038f6114099c67508e559a6c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid io.dropwizard.metrics Highest Vendor manifest Bundle-Description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low Vendor Manifest Implementation-Vendor-Id io.dropwizard.metrics Medium Vendor pom name JVM Integration for Metrics High Vendor file name metrics-jvm High Vendor pom parent-artifactid metrics-parent Low Vendor pom artifactid metrics-jvm Low Vendor Manifest bundle-symbolicname io.dropwizard.metrics.jvm Medium Vendor pom description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low Product pom artifactid metrics-jvm Highest Product manifest Bundle-Description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low Product pom parent-artifactid metrics-parent Medium Product pom name JVM Integration for Metrics High Product file name metrics-jvm High Product Manifest Bundle-Name JVM Integration for Metrics Medium Product pom groupid io.dropwizard.metrics Low Product Manifest bundle-symbolicname io.dropwizard.metrics.jvm Medium Product Manifest Implementation-Title JVM Integration for Metrics High Product pom description A set of classes which allow you to monitor critical aspects of your Java Virtual Machine using Metrics. Low Version pom version 3.2.2 Highest Version file version 3.2.2 Highest Version Manifest Implementation-Version 3.2.2 High
maven: io.dropwizard.metrics:metrics-jvm:3.2.2 Confidence: Highest

log4j-1.2.17.jar
Description:
Apache Log4j 1.2
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar
MD5: 04a41f0a068986f0f73485cf507c0f40
SHA1: 5af35056b4d257e4b64b9e8069c0746e8b08629f
SHA256: 1d31696445697720527091754369082a6651bd49781b6005deb94e56753406f9
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name log4j High Vendor manifest Bundle-Description Apache Log4j 1.2 Medium Vendor Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low Vendor Manifest bundle-symbolicname log4j Medium Vendor manifest: org.apache.log4j Implementation-Vendor "Apache Software Foundation" Medium Vendor pom organization name Apache Software Foundation High Vendor pom artifactid log4j Low Vendor pom description Apache Log4j 1.2 Medium Vendor pom name Apache Log4j High Vendor pom organization url http://www.apache.org Medium Vendor pom groupid log4j Highest Vendor pom url http://logging.apache.org/log4j/1.2/ Highest Product file name log4j High Product manifest Bundle-Description Apache Log4j 1.2 Medium Product Manifest bundle-docurl http://logging.apache.org/log4j/1.2 Low Product Manifest bundle-symbolicname log4j Medium Product pom artifactid log4j Highest Product manifest: org.apache.log4j Implementation-Title log4j Medium Product pom organization name Apache Software Foundation Low Product pom description Apache Log4j 1.2 Medium Product pom url http://logging.apache.org/log4j/1.2/ Medium Product pom groupid log4j Low Product Manifest Bundle-Name Apache Log4j Medium Product pom organization url http://www.apache.org Low Product pom name Apache Log4j High Version file version 1.2.17 Highest Version pom version 1.2.17 Highest
cpe: cpe:/a:apache:log4j:1.2.17 Confidence: Low
maven: log4j:log4j:1.2.17 Confidence: Highest

eigenbase-properties-1.1.5.jar
Description:
Type-safe access to Java system properties
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/net/hydromatic/eigenbase-properties/1.1.5/eigenbase-properties-1.1.5.jar
MD5: 74250b1aa57ff13507bf28c09e5299eb
SHA1: a941956b3a4664d0cf728ece06ba25cc2110a3aa
SHA256: 9394a752411d9729a083cf578ed9666ec9a7f59c18c9ca889127480a44c7285c
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid net.hydromatic Highest Vendor pom organization url http://www.hydromatic.net Medium Vendor Manifest bundle-docurl http://www.hydromatic.net Low Vendor pom name eigenbase-properties High Vendor file name eigenbase-properties High Vendor pom description Type-safe access to Java system properties Medium Vendor manifest Bundle-Description Type-safe access to Java system properties Medium Vendor pom organization name Julian Hyde High Vendor Manifest bundle-symbolicname net.hydromatic.eigenbase-properties Medium Vendor pom artifactid eigenbase-properties Low Vendor pom parent-artifactid parent Low Vendor pom url http://github.com/julianhyde/eigenbase-properties Highest Product pom artifactid eigenbase-properties Highest Product Manifest bundle-docurl http://www.hydromatic.net Low Product pom name eigenbase-properties High Product pom groupid net.hydromatic Low Product pom organization name Julian Hyde Low Product file name eigenbase-properties High Product Manifest Bundle-Name eigenbase-properties Medium Product pom description Type-safe access to Java system properties Medium Product manifest Bundle-Description Type-safe access to Java system properties Medium Product pom parent-artifactid parent Medium Product Manifest bundle-symbolicname net.hydromatic.eigenbase-properties Medium Product pom organization url http://www.hydromatic.net Low Product pom url http://github.com/julianhyde/eigenbase-properties Medium Version pom version 1.1.5 Highest Version file version 1.1.5 Highest
maven: net.hydromatic:eigenbase-properties:1.1.5 Confidence: Highest

antlr4-runtime-4.5.1-1.jar
Description:
The ANTLR 4 Runtime
License:
http://www.antlr.org/license.html
File Path: /Users/Kevin/.m2/repository/org/antlr/antlr4-runtime/4.5.1-1/antlr4-runtime-4.5.1-1.jar
MD5: c57e3c5fd251603e1d815ec1d6fde69b
SHA1: 66144204f9d6d7d3f3f775622c2dd7e9bd511d97
SHA256: ffca72bc2a25bb2b0c80a58cee60530a78be17da739bb6c91a8c2e3584ca099e
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest Implementation-Vendor ANTLR High Vendor pom parent-groupid org.antlr Medium Vendor pom groupid org.antlr Highest Vendor pom description The ANTLR 4 Runtime Medium Vendor pom name ANTLR 4 Runtime High Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor pom artifactid antlr4-runtime Low Vendor Manifest Implementation-Vendor-Id org.antlr Medium Vendor manifest Bundle-Description The ANTLR 4 Runtime Medium Vendor Manifest bundle-docurl http://www.antlr.org Low Vendor pom groupid antlr Highest Vendor file name antlr4-runtime High Vendor Manifest bundle-symbolicname org.antlr.antlr4-runtime-osgi Medium Vendor pom parent-artifactid antlr4-master Low Product pom description The ANTLR 4 Runtime Medium Product pom name ANTLR 4 Runtime High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product Manifest Bundle-Name ANTLR 4 Runtime Medium Product pom groupid antlr Low Product pom artifactid antlr4-runtime Highest Product manifest Bundle-Description The ANTLR 4 Runtime Medium Product Manifest bundle-docurl http://www.antlr.org Low Product file name antlr4-runtime High Product Manifest bundle-symbolicname org.antlr.antlr4-runtime-osgi Medium Product Manifest Implementation-Title ANTLR 4 Runtime High Product pom parent-groupid org.antlr Low Product pom parent-artifactid antlr4-master Medium Version Manifest Implementation-Version 4.5.1-1 High Version file version 4.5.1.1 Highest Version pom version 4.5.1-1 Highest
maven: org.antlr:antlr4-runtime:4.5.1-1 Confidence: Highest

calcite-core-1.13.0.jar
Description:
Core Calcite APIs and engine.
File Path: /Users/Kevin/.m2/repository/org/apache/calcite/calcite-core/1.13.0/calcite-core-1.13.0.jar
MD5: 29b1ddb56d998c4503737088f49074e7
SHA1: 1e7995aa0afe4c27a12e7b320a2938dcf05d9581
SHA256: 0cb6147c7c6373da536f5f856a307e36ea32b90951b90f88fe5bda335939fb97
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.calcite Highest Vendor pom groupid apache.calcite Highest Vendor file name calcite-core High Vendor pom parent-artifactid calcite Low Vendor pom name Calcite Core High Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom description Core Calcite APIs and engine. Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.calcite Medium Vendor pom parent-groupid org.apache.calcite Medium Vendor pom artifactid calcite-core Low Vendor Manifest implementation-url https://calcite.apache.org/calcite-core Low Product pom description Core Calcite APIs and engine. Medium Product Manifest Implementation-Title Calcite Core High Product pom parent-groupid org.apache.calcite Low Product pom artifactid calcite-core Highest Product file name calcite-core High Product pom parent-artifactid calcite Medium Product pom name Calcite Core High Product Manifest specification-title Calcite Core Medium Product pom groupid apache.calcite Low Product Manifest implementation-url https://calcite.apache.org/calcite-core Low Version pom version 1.13.0 Highest Version file version 1.13.0 Highest Version Manifest Implementation-Version 1.13.0 High
maven: org.apache.calcite:calcite-core:1.13.0 Confidence: Highest

calcite-linq4j-1.13.0.jar
Description:
Calcite APIs for LINQ (Language-Integrated Query) in Java
File Path: /Users/Kevin/.m2/repository/org/apache/calcite/calcite-linq4j/1.13.0/calcite-linq4j-1.13.0.jar
MD5: 6537b031565b9c7f0dea69953f93e0d6
SHA1: 96c814d27516cf48d439277300252bfb2b00486f
SHA256: 1d172b70bb9a79848cf60e8149c7b6dfbc97b5bd1d2bd61919ae1f4009b718b3
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.apache.calcite Highest Vendor pom groupid apache.calcite Highest Vendor pom parent-artifactid calcite Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom name Calcite Linq4j High Vendor Manifest implementation-url https://calcite.apache.org/calcite-linq4j Low Vendor pom artifactid calcite-linq4j Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest Implementation-Vendor-Id org.apache.calcite Medium Vendor pom parent-groupid org.apache.calcite Medium Vendor file name calcite-linq4j High Vendor pom description Calcite APIs for LINQ (Language-Integrated Query) in Java Medium Product Manifest Implementation-Title Calcite Linq4j High Product pom parent-groupid org.apache.calcite Low Product Manifest implementation-url https://calcite.apache.org/calcite-linq4j Low Product pom parent-artifactid calcite Medium Product Manifest specification-title Calcite Linq4j Medium Product pom groupid apache.calcite Low Product pom artifactid calcite-linq4j Highest Product file name calcite-linq4j High Product pom description Calcite APIs for LINQ (Language-Integrated Query) in Java Medium Product pom name Calcite Linq4j High Version pom version 1.13.0 Highest Version file version 1.13.0 Highest Version Manifest Implementation-Version 1.13.0 High
maven: org.apache.calcite:calcite-linq4j:1.13.0 Confidence: Highest

avatica-core-1.10.0.jar
Description:
JDBC driver framework.
File Path: /Users/Kevin/.m2/repository/org/apache/calcite/avatica/avatica-core/1.10.0/avatica-core-1.10.0.jar
MD5: de761b429df2ea4988155ba48fb8c225
SHA1: 82280b09d490c7e4981b5af2d79fcf55efbe6144
SHA256: 1ba1dd30d5a84b694f652c2dc104497648bb4ee35cf51820ba294cb682c6b46d
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name avatica-core High Vendor Manifest Implementation-Vendor-Id org.apache.calcite.avatica Medium Vendor pom artifactid avatica-core Low Vendor pom name Apache Calcite Avatica High Vendor pom groupid apache.calcite.avatica Highest Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.calcite.avatica Medium Vendor pom groupid org.apache.calcite.avatica Highest Vendor pom description JDBC driver framework. Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-artifactid avatica-parent Low Vendor Manifest implementation-url https://calcite.apache.org/avatica/shaded/avatica-core Low Product file name avatica-core High Product pom parent-groupid org.apache.calcite.avatica Low Product pom name Apache Calcite Avatica High Product pom description JDBC driver framework. Medium Product pom groupid apache.calcite.avatica Low Product pom parent-artifactid avatica-parent Medium Product Manifest implementation-url https://calcite.apache.org/avatica/shaded/avatica-core Low Product pom artifactid avatica-core Highest Product Manifest Implementation-Title Apache Calcite Avatica High Product Manifest specification-title Apache Calcite Avatica Medium Version Manifest Implementation-Version 1.10.0 High Version file version 1.10.0 Highest Version pom version 1.10.0 Highest
maven: org.apache.calcite.avatica:avatica-core:1.10.0 Confidence: Highest

commons-exec-1.3.jar
Description:
Apache Commons Exec is a library to reliably execute external processes from within the JVM.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/commons/commons-exec/1.3/commons-exec-1.3.jar
MD5: 8bb8fa2edfd60d5c7ed6bf9923d14aa8
SHA1: 8dfb9facd0830a27b1b5f29f84593f0aeee7773b
SHA256: cb49812dc1bfb0ea4f20f398bcae1a88c6406e213e67f7524fb10d4f8ad9347b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.commons Highest Vendor manifest Bundle-Description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium Vendor Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Vendor pom parent-artifactid commons-parent Low Vendor pom url http://commons.apache.org/proper/commons-exec/ Highest Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Vendor Manifest bundle-symbolicname org.apache.commons.exec Medium Vendor pom artifactid commons-exec Low Vendor pom description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium Vendor file name commons-exec High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom name Apache Commons Exec High Vendor pom groupid org.apache.commons Highest Product Manifest Implementation-Title Apache Commons Exec High Product manifest Bundle-Description Apache Commons Exec is a library to reliably execute external processes from within the JVM. 
Medium Product Manifest implementation-build trunk@r1636211; 2014-11-02 23:51:55+0000 Low Product pom artifactid commons-exec Highest Product Manifest bundle-docurl http://commons.apache.org/proper/commons-exec/ Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))" Low Product pom url http://commons.apache.org/proper/commons-exec/ Medium Product Manifest bundle-symbolicname org.apache.commons.exec Medium Product Manifest Bundle-Name Apache Commons Exec Medium Product pom parent-groupid org.apache.commons Low Product pom parent-artifactid commons-parent Medium Product pom description Apache Commons Exec is a library to reliably execute external processes from within the JVM. Medium Product file name commons-exec High Product Manifest specification-title Apache Commons Exec Medium Product pom groupid apache.commons Low Product pom name Apache Commons Exec High Version pom version 1.3 Highest Version Manifest Implementation-Version 1.3 High Version file version 1.3 Highest
maven: org.apache.commons:commons-exec:1.3 Confidence: Highest

curator-client-2.8.0.jar
Description:
Low-level API
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/curator/curator-client/2.8.0/curator-client-2.8.0.jar
MD5: c9092076fe5ede652f89465d6a859dfa
SHA1: 84feebaa8526f4984566f6a32f55d7689800acf9
SHA256: 80ea85c2db916da0171c93c84418bad429b26b7be716abd331f670e269850dbb
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest bundle-docurl http://www.apache.org/ Low Vendor pom description Low-level API Medium Vendor Manifest bundle-symbolicname curator-client Medium Vendor pom name Curator Client High Vendor file name curator-client High Vendor pom groupid org.apache.curator Highest Vendor manifest Bundle-Description Low-level API Medium Vendor pom artifactid curator-client Low Vendor pom groupid apache.curator Highest Vendor pom parent-artifactid apache-curator Low Vendor pom parent-groupid org.apache.curator Medium Product Manifest Bundle-Name Curator Client Medium Product Manifest bundle-docurl http://www.apache.org/ Low Product pom artifactid curator-client Highest Product pom parent-artifactid apache-curator Medium Product pom description Low-level API Medium Product Manifest bundle-symbolicname curator-client Medium Product pom name Curator Client High Product file name curator-client High Product manifest Bundle-Description Low-level API Medium Product pom parent-groupid org.apache.curator Low Product pom groupid apache.curator Low Version file version 2.8.0 Highest Version pom version 2.8.0 Highest
maven: org.apache.curator:curator-client:2.8.0 Confidence: Highest

curator-framework-2.8.0.jar
Description:
High-level API that greatly simplifies using ZooKeeper.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/curator/curator-framework/2.8.0/curator-framework-2.8.0.jar
MD5: 1ef0e8c00272ceba66741ee16773c5cd
SHA1: f8edc9156084ad19ae50ae5958bf218a08351834
SHA256: 955a367d71304944018f1d0cb0ab875ae6957705458b0c66798fb19bf7bc1823
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | pom | description | High-level API that greatly simplifies using ZooKeeper. | Medium
Vendor | manifest | Bundle-Description | High-level API that greatly simplifies using ZooKeeper. | Medium
Vendor | pom | groupid | org.apache.curator | Highest
Vendor | Manifest | bundle-symbolicname | curator-framework | Medium
Vendor | pom | artifactid | curator-framework | Low
Vendor | file | name | curator-framework | High
Vendor | pom | name | Curator Framework | High
Vendor | pom | groupid | apache.curator | Highest
Vendor | pom | parent-artifactid | apache-curator | Low
Vendor | pom | parent-groupid | org.apache.curator | Medium
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | pom | description | High-level API that greatly simplifies using ZooKeeper. | Medium
Product | pom | parent-artifactid | apache-curator | Medium
Product | manifest | Bundle-Description | High-level API that greatly simplifies using ZooKeeper. | Medium
Product | Manifest | bundle-symbolicname | curator-framework | Medium
Product | file | name | curator-framework | High
Product | pom | parent-groupid | org.apache.curator | Low
Product | pom | name | Curator Framework | High
Product | pom | groupid | apache.curator | Low
Product | pom | artifactid | curator-framework | Highest
Product | Manifest | Bundle-Name | Curator Framework | Medium
Version | file | version | 2.8.0 | Highest
Version | pom | version | 2.8.0 | Highest
cpe: cpe:/a:apache:zookeeper:2.8.0 Confidence: Low
maven: org.apache.curator:curator-framework:2.8.0 Confidence: Highest

Published Vulnerabilities

CVE-2016-5017
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.

CVE-2018-8012
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-285 Improper Authorization
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

curator-recipes-2.8.0.jar
Description:
All of the recipes listed on the ZooKeeper recipes doc (except two phase commit).
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/curator/curator-recipes/2.8.0/curator-recipes-2.8.0.jar
MD5: d0cda7ac1d3317646df990366d89110b
SHA1: c563e25fb37f85a6b029bc9746e75573640474fb
SHA256: c527e7fc5f88437ad90bed5f6227ee577a11b36550784d1c066c85d9324a3ca6
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). | Medium
Vendor | Manifest | bundle-docurl | http://www.apache.org/ | Low
Vendor | pom | groupid | org.apache.curator | Highest
Vendor | pom | artifactid | curator-recipes | Low
Vendor | pom | groupid | apache.curator | Highest
Vendor | pom | parent-artifactid | apache-curator | Low
Vendor | file | name | curator-recipes | High
Vendor | pom | parent-groupid | org.apache.curator | Medium
Vendor | Manifest | bundle-symbolicname | curator-recipes | Medium
Vendor | manifest | Bundle-Description | All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). | Medium
Vendor | pom | name | Curator Recipes | High
Product | pom | description | All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). | Medium
Product | Manifest | bundle-docurl | http://www.apache.org/ | Low
Product | pom | artifactid | curator-recipes | Highest
Product | pom | parent-artifactid | apache-curator | Medium
Product | pom | parent-groupid | org.apache.curator | Low
Product | Manifest | Bundle-Name | Curator Recipes | Medium
Product | file | name | curator-recipes | High
Product | pom | groupid | apache.curator | Low
Product | Manifest | bundle-symbolicname | curator-recipes | Medium
Product | manifest | Bundle-Description | All of the recipes listed on the ZooKeeper recipes doc (except two phase commit). | Medium
Product | pom | name | Curator Recipes | High
Version | file | version | 2.8.0 | Highest
Version | pom | version | 2.8.0 | Highest
maven: org.apache.curator:curator-recipes:2.8.0 Confidence: Highest

hadoop-hdfs-2.7.4.jar
Description:
Apache Hadoop HDFS
File Path: /Users/Kevin/.m2/repository/org/apache/hadoop/hadoop-hdfs/2.7.4/hadoop-hdfs-2.7.4.jar
MD5: e18f429b60662b724cad080b834717a3
SHA1: 3e1414e3ae47e97f66b2eb904d3ec6c50a3e29d0
SHA256: 1f3c14c446cf1692b085952b5e186ee817d7aa3011440a38da86140fe1e3d815
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | hadoop-hdfs | Low
Vendor | pom | name | Apache Hadoop HDFS | High
Vendor | jar | package name | hadoop | Low
Vendor | pom | description | Apache Hadoop HDFS | Medium
Vendor | pom | parent-groupid | org.apache.hadoop | Medium
Vendor | jar | package name | apache | Low
Vendor | file | name | hadoop-hdfs | High
Vendor | pom | parent-artifactid | hadoop-project-dist | Low
Vendor | pom | groupid | apache.hadoop | Highest
Vendor | pom | groupid | org.apache.hadoop | Highest
Vendor | jar | package name | hdfs | Low
Product | pom | name | Apache Hadoop HDFS | High
Product | jar | package name | hadoop | Low
Product | pom | description | Apache Hadoop HDFS | Medium
Product | pom | parent-artifactid | hadoop-project-dist | Medium
Product | pom | groupid | apache.hadoop | Low
Product | file | name | hadoop-hdfs | High
Product | pom | parent-groupid | org.apache.hadoop | Low
Product | pom | artifactid | hadoop-hdfs | Highest
Product | jar | package name | hdfs | Low
Version | pom | version | 2.7.4 | Highest
Version | file | version | 2.7.4 | Highest
Related Dependencies
hadoop-annotations-2.7.4.jar
File Path: /Users/Kevin/.m2/repository/org/apache/hadoop/hadoop-annotations/2.7.4/hadoop-annotations-2.7.4.jar
MD5: 6fe58898886aebb11e761f75bdc3f237 SHA1: d8e0a3abcc3fb46e1418b99d6d1328a95d9bd7b1 SHA256: 195e4f2444d8f3245d4c6e4ba89fa7fe4a2a4c793f7c55d6edee27d430ec6a03

cpe: cpe:/a:apache:hadoop:2.7.4

Published Vulnerabilities

CVE-2017-15718
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

htrace-core-3.2.0-incubating.jar
File Path: /Users/Kevin/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jar
MD5: 0b1b1a63aca83a11545de49218a251bf
SHA1: 8797cf3230f01e8724ef27a0ed565dabb6998c64
SHA256: 508be2770ef8e83b5c32e19bb56d3fba2ee33c12f7fba25293582ad1595e30bb
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | jar | package name | apache | Low
Vendor | jar | package name | fasterxml | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | file | name | htrace-core | High
Vendor | jar | package name | htrace | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | org.apache.htrace | Highest
Vendor | Manifest | Implementation-Vendor-Id | org.apache.htrace | Medium
Product | Manifest | specification-title | htrace-core | Medium
Product | jar | package name | fasterxml | Low
Product | file | name | htrace-core | High
Product | Manifest | Implementation-Title | htrace-core | High
Product | jar | package name | htrace | Low
Product | pom | artifactid | htrace-core | Highest
Product | jar | package name | jackson | Low
Version | Manifest | Implementation-Version | 3.2.0-incubating | High
Version | file | version | 3.2.0 | Highest
Version | pom | version | 3.2.0-incubating | Highest
cpe: cpe:/a:fasterxml:jackson:3.2.0 Confidence: Low
maven: org.apache.htrace:htrace-core:3.2.0-incubating Confidence: Highest

httpcore-4.4.1.jar
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /Users/Kevin/.m2/repository/org/apache/httpcomponents/httpcore/4.4.1/httpcore-4.4.1.jar
MD5: 27bf6d5323a86a6115b607ce82512d6c
SHA1: f5aa318bda4c6c8d688c9d00b90681dcd82ce636
SHA256: dd1390c17d40f760f7e51bb20523a8d63deb69e94babeaf567eb76ecd2cad422
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | httpcore | Low
Vendor | pom | url | http://hc.apache.org/httpcomponents-core-ga | Highest
Vendor | pom | groupid | org.apache.httpcomponents | Highest
Vendor | file | name | httpcore | High
Vendor | pom | parent-artifactid | httpcomponents-core | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | url | http://hc.apache.org/httpcomponents-core-ga | Low
Vendor | pom | name | Apache HttpCore | High
Vendor | Manifest | implementation-build | tags/4.4.1-RC1/httpcore@r1666708; 2015-03-14 17:26:58+0100 | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.httpcomponents | Medium
Vendor | pom | description | Apache HttpComponents Core (blocking I/O) | Medium
Vendor | pom | groupid | apache.httpcomponents | Highest
Product | pom | url | http://hc.apache.org/httpcomponents-core-ga | Medium
Product | file | name | httpcore | High
Product | pom | artifactid | httpcore | Highest
Product | Manifest | specification-title | HttpComponents Apache HttpCore | Medium
Product | pom | parent-artifactid | httpcomponents-core | Medium
Product | Manifest | url | http://hc.apache.org/httpcomponents-core-ga | Low
Product | Manifest | Implementation-Title | HttpComponents Apache HttpCore | High
Product | pom | name | Apache HttpCore | High
Product | Manifest | implementation-build | tags/4.4.1-RC1/httpcore@r1666708; 2015-03-14 17:26:58+0100 | Low
Product | pom | parent-groupid | org.apache.httpcomponents | Low
Product | pom | groupid | apache.httpcomponents | Low
Product | pom | description | Apache HttpComponents Core (blocking I/O) | Medium
Version | file | version | 4.4.1 | Highest
Version | Manifest | Implementation-Version | 4.4.1 | High
Version | pom | version | 4.4.1 | Highest
maven: org.apache.httpcomponents:httpcore:4.4.1 Confidence: Highest

httpmime-4.4.1.jar
Description:
Apache HttpComponents HttpClient - MIME coded entities
File Path: /Users/Kevin/.m2/repository/org/apache/httpcomponents/httpmime/4.4.1/httpmime-4.4.1.jar
MD5: 678b75d71032e823480a41123b6b3ce2
SHA1: 2f8757f5ac5e38f46c794e5229d1f3c522e9b1df
SHA256: e6b8ca9e2b9d9e1fded549c0a3cb7471a431d83294342ae1618b876113a59840
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.httpcomponents | Highest
Vendor | pom | parent-artifactid | httpcomponents-client | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | name | Apache HttpClient Mime | High
Vendor | Manifest | url | http://hc.apache.org/httpcomponents-client | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | implementation-build | tags/4.4.1-RC1/httpmime@r1668921; 2015-03-24 16:41:37+0100 | Low
Vendor | pom | description | Apache HttpComponents HttpClient - MIME coded entities | Medium
Vendor | pom | url | http://hc.apache.org/httpcomponents-client | Highest
Vendor | file | name | httpmime | High
Vendor | pom | artifactid | httpmime | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.httpcomponents | Medium
Vendor | pom | groupid | apache.httpcomponents | Highest
Product | pom | name | Apache HttpClient Mime | High
Product | Manifest | url | http://hc.apache.org/httpcomponents-client | Low
Product | Manifest | specification-title | HttpComponents Apache HttpClient Mime | Medium
Product | Manifest | implementation-build | tags/4.4.1-RC1/httpmime@r1668921; 2015-03-24 16:41:37+0100 | Low
Product | pom | description | Apache HttpComponents HttpClient - MIME coded entities | Medium
Product | pom | artifactid | httpmime | Highest
Product | file | name | httpmime | High
Product | pom | parent-groupid | org.apache.httpcomponents | Low
Product | pom | url | http://hc.apache.org/httpcomponents-client | Medium
Product | pom | parent-artifactid | httpcomponents-client | Medium
Product | Manifest | Implementation-Title | HttpComponents Apache HttpClient Mime | High
Product | pom | groupid | apache.httpcomponents | Low
Version | file | version | 4.4.1 | Highest
Version | Manifest | Implementation-Version | 4.4.1 | High
Version | pom | version | 4.4.1 | Highest
maven: org.apache.httpcomponents:httpmime:4.4.1 Confidence: Highest

zookeeper-3.4.10.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/zookeeper/zookeeper/3.4.10/zookeeper-3.4.10.jar
MD5: 550ce0afeb92ef4a75f194b143e23995
SHA1: 08eebdbb7a9df83e02eaa42d0e5da0b57bf2e4da
SHA256: caa38ce6b2f52c59c10b80f89abb544cc4279257805fc0c969010cbab1a11079
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | built-on | sunil-Inspiron-3543 | Low
Vendor | Manifest | bundle-docurl | http://hadoop.apache.org/zookeeper | Low
Vendor | pom | groupid | org.apache.zookeeper | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.hadoop.zookeeper | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | file | name | zookeeper | High
Vendor | pom | groupid | apache.zookeeper | Highest
Vendor | pom | artifactid | zookeeper | Low
Vendor | Manifest | built-at | 03/23/2017 12:08 GMT | Low
Product | Manifest | Bundle-Name | ZooKeeper Bundle | Medium
Product | pom | groupid | apache.zookeeper | Low
Product | Manifest | built-on | sunil-Inspiron-3543 | Low
Product | pom | artifactid | zookeeper | Highest
Product | Manifest | bundle-docurl | http://hadoop.apache.org/zookeeper | Low
Product | Manifest | bundle-symbolicname | org.apache.hadoop.zookeeper | Medium
Product | file | name | zookeeper | High
Product | Manifest | Implementation-Title | org.apache.zookeeper | High
Product | Manifest | built-at | 03/23/2017 12:08 GMT | Low
Version | pom | version | 3.4.10 | Highest
Version | file | version | 3.4.10 | Highest
maven: org.apache.zookeeper:zookeeper:3.4.10 Confidence: Highest
cpe: cpe:/a:apache:zookeeper:3.4.10 Confidence: Low

Published Vulnerabilities

CVE-2018-8012
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-285 Improper Authorization
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.

jackson-core-asl-1.9.13.jar
Description:
Jackson is a high-performance JSON processor (parser, generator)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/codehaus/jackson/jackson-core-asl/1.9.13/jackson-core-asl-1.9.13.jar
MD5: 319c49a4304e3fa9fe3cd8dcfc009d37
SHA1: 3c304d70f42f832e0a86d45bd437f692129299a4
SHA256: 440a9cb5ca95b215f953d3a20a6b1a10da1f09b529a9ddea5f8a4905ddab4f5a
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5, JavaSE-1.6 | Low
Vendor | file | name | jackson-core-asl | High
Vendor | pom | organization url | http://fasterxml.com | Medium
Vendor | pom | organization name | FasterXML | High
Vendor | pom | groupid | codehaus.jackson | Highest
Vendor | pom | groupid | org.codehaus.jackson | Highest
Vendor | pom | name | Jackson | High
Vendor | Manifest | bundle-symbolicname | jackson-core-asl | Medium
Vendor | pom | artifactid | jackson-core-asl | Low
Vendor | Manifest | specification-vendor | http://www.ietf.org/rfc/rfc4627.txt | Low
Vendor | pom | url | http://jackson.codehaus.org | Highest
Vendor | Manifest | Implementation-Vendor | http://fasterxml.com | High
Vendor | pom | description | Jackson is a high-performance JSON processor (parser, generator) | Medium
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5, JavaSE-1.6 | Low
Product | pom | organization name | FasterXML | Low
Product | Manifest | specification-title | JSON - JavaScript Object Notation | Medium
Product | file | name | jackson-core-asl | High
Product | Manifest | Bundle-Name | Jackson JSON processor | Medium
Product | pom | organization url | http://fasterxml.com | Low
Product | pom | artifactid | jackson-core-asl | Highest
Product | pom | groupid | codehaus.jackson | Low
Product | pom | name | Jackson | High
Product | Manifest | bundle-symbolicname | jackson-core-asl | Medium
Product | pom | url | http://jackson.codehaus.org | Medium
Product | Manifest | Implementation-Title | Jackson JSON processor | High
Product | pom | description | Jackson is a high-performance JSON processor (parser, generator) | Medium
Version | pom | version | 1.9.13 | Highest
Version | file | version | 1.9.13 | Highest
Version | Manifest | Implementation-Version | 1.9.13 | High
Related Dependencies
jackson-mapper-asl-1.9.13.jar
File Path: /Users/Kevin/.m2/repository/org/codehaus/jackson/jackson-mapper-asl/1.9.13/jackson-mapper-asl-1.9.13.jar
MD5: 1750f9c339352fc4b728d61b57171613 SHA1: 1ee2f2bed0e5dd29d1cb155a166e6f8d50bbddb7 SHA256: 74e7a07a76f2edbade29312a5a2ebccfa019128bc021ece3856d76197e9be0c2

cpe: cpe:/a:fasterxml:jackson:1.9.13 Confidence: Low
maven: org.codehaus.jackson:jackson-core-asl:1.9.13 Confidence: Highest

commons-compiler-2.7.6.jar
Description:
Janino is a super-small, super-fast Java compiler.
License:
http://dist.codehaus.org/janino/new_bsd_license.txt
File Path: /Users/Kevin/.m2/repository/org/codehaus/janino/commons-compiler/2.7.6/commons-compiler-2.7.6.jar
MD5: b729cc841ca68ecf82dd8b035196a28a
SHA1: b71e76d942b33dfa26e4e3047ff2a774d1f917b4
SHA256: ef505581b345821e9c28c049745683514ec87642a50d06da605f60d9c8e38792
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | commons-compiler | Low
Vendor | Manifest | bundle-symbolicname | org.codehaus.janino.commons-compiler;singleton:=true | Medium
Vendor | pom | parent-groupid | org.codehaus.janino | Medium
Vendor | file | name | commons-compiler | High
Vendor | pom | groupid | codehaus.janino | Highest
Vendor | pom | parent-artifactid | janino-parent | Low
Vendor | pom | name | Commons Compiler | High
Vendor | pom | groupid | org.codehaus.janino | Highest
Vendor | manifest | Bundle-Description | Janino is a super-small, super-fast Java compiler. | Medium
Product | pom | groupid | codehaus.janino | Low
Product | pom | parent-artifactid | janino-parent | Medium
Product | Manifest | bundle-symbolicname | org.codehaus.janino.commons-compiler;singleton:=true | Medium
Product | file | name | commons-compiler | High
Product | pom | name | Commons Compiler | High
Product | pom | parent-groupid | org.codehaus.janino | Low
Product | pom | artifactid | commons-compiler | Highest
Product | manifest | Bundle-Description | Janino is a super-small, super-fast Java compiler. | Medium
Product | Manifest | Bundle-Name | Commons-Compiler | Medium
Version | file | version | 2.7.6 | Highest
Version | pom | version | 2.7.6 | Highest
maven: org.codehaus.janino:commons-compiler:2.7.6 Confidence: Highest

janino-2.7.6.jar
Description:
Janino is a super-small, super-fast Java compiler.
License:
http://dist.codehaus.org/janino/new_bsd_license.txt
File Path: /Users/Kevin/.m2/repository/org/codehaus/janino/janino/2.7.6/janino-2.7.6.jar
MD5: 887a4a895315470f4ddf3203ef4cb115
SHA1: 37fde5de7edd5d7ebe075f03f4c083df2ac73dd8
SHA256: 8818cc9e4076d8c52f3a00cc7650caefeb3a40638cab9ff5fa8cfe188c74463d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | Janino | High
Vendor | Manifest | bundle-symbolicname | org.cohehaus.janino;singleton:=true | Medium
Vendor | pom | parent-groupid | org.codehaus.janino | Medium
Vendor | Manifest | implementation-url | http://janino.net | Low
Vendor | pom | groupid | codehaus.janino | Highest
Vendor | pom | parent-artifactid | janino-parent | Low
Vendor | pom | artifactid | janino | Low
Vendor | file | name | janino | High
Vendor | pom | groupid | org.codehaus.janino | Highest
Vendor | manifest | Bundle-Description | Janino is a super-small, super-fast Java compiler. | Medium
Vendor | Manifest | require-bundle | org.codehaus.janino.commons-compiler | Low
Product | pom | name | Janino | High
Product | pom | groupid | codehaus.janino | Low
Product | pom | parent-artifactid | janino-parent | Medium
Product | Manifest | bundle-symbolicname | org.cohehaus.janino;singleton:=true | Medium
Product | Manifest | implementation-url | http://janino.net | Low
Product | pom | artifactid | janino | Highest
Product | pom | parent-groupid | org.codehaus.janino | Low
Product | file | name | janino | High
Product | manifest | Bundle-Description | Janino is a super-small, super-fast Java compiler. | Medium
Product | Manifest | require-bundle | org.codehaus.janino.commons-compiler | Low
Product | Manifest | Bundle-Name | Janino | Medium
Version | file | version | 2.7.6 | Highest
Version | Manifest | Implementation-Version | 2.7.6 | High
Version | pom | version | 2.7.6 | Highest
maven: org.codehaus.janino:janino:2.7.6 Confidence: Highest

stax2-api-3.1.4.jar
Description:
tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Users/Kevin/.m2/repository/org/codehaus/woodstox/stax2-api/3.1.4/stax2-api-3.1.4.jar
MD5: c08e89de601b0a78f941b2c29db565c3
SHA1: ac19014b1e6a7c08aad07fe114af792676b685b7
SHA256: 86d7c0b775a7c9b454cc6ba61d40a8eb3b99cc129f832eb9b977a3755b4b338e
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://fasterxml.com | Low
Vendor | Manifest | bundle-symbolicname | stax2-api | Medium
Vendor | pom | organization url | http://fasterxml.com | Medium
Vendor | manifest | Bundle-Description | tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. | Low
Vendor | pom | groupid | codehaus.woodstox | Highest
Vendor | pom | description | tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. | Low
Vendor | pom | artifactid | stax2-api | Low
Vendor | pom | name | Stax2 API | High
Vendor | pom | url | http://wiki.fasterxml.com/WoodstoxStax2 | Highest
Vendor | pom | organization name | fasterxml.com | High
Vendor | pom | groupid | org.codehaus.woodstox | Highest
Vendor | file | name | stax2-api | High
Product | Manifest | bundle-docurl | http://fasterxml.com | Low
Product | Manifest | bundle-symbolicname | stax2-api | Medium
Product | manifest | Bundle-Description | tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. | Low
Product | pom | organization url | http://fasterxml.com | Low
Product | pom | organization name | fasterxml.com | Low
Product | pom | description | tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API. | Low
Product | pom | url | http://wiki.fasterxml.com/WoodstoxStax2 | Medium
Product | pom | groupid | codehaus.woodstox | Low
Product | pom | name | Stax2 API | High
Product | pom | artifactid | stax2-api | Highest
Product | Manifest | Bundle-Name | Stax2 API | Medium
Product | file | name | stax2-api | High
Version | pom | version | 3.1.4 | Highest
Version | file | version | 3.1.4 | Highest
maven: org.codehaus.woodstox:stax2-api:3.1.4 Confidence: Highest

woodstox-core-asl-4.4.1.jar
Description:
Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/codehaus/woodstox/woodstox-core-asl/4.4.1/woodstox-core-asl-4.4.1.jar
MD5: 1f53f91f117288fb2ef2e120f27e5498
SHA1: 84fee5eb1a4a1cefe65b6883c73b3fa83be3c1a1
SHA256: 274fa403ed08c0d6f2f574dc1916adaaaec9a493e56d6442f8797ede620bca65
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.4 | Low
Vendor | pom | organization name | Codehaus | High
Vendor | Manifest | specification-vendor | http://jcp.org/en/jsr/detail?id=173 | Low
Vendor | pom | groupid | codehaus.woodstox | Highest
Vendor | pom | artifactid | woodstox-core-asl | Low
Vendor | file | name | woodstox-core-asl | High
Vendor | pom | name | Woodstox | High
Vendor | pom | organization url | http://www.codehaus.org/ | Medium
Vendor | pom | description | Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs | Medium
Vendor | Manifest | bundle-symbolicname | woodstox-core-asl | Medium
Vendor | Manifest | Implementation-Vendor | http://woodstox.codehaus.org | High
Vendor | pom | url | http://woodstox.codehaus.org | Highest
Vendor | pom | groupid | org.codehaus.woodstox | Highest
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.4 | Low
Product | pom | organization name | Codehaus | Low
Product | pom | organization url | http://www.codehaus.org/ | Low
Product | Manifest | Implementation-Title | Woodstox XML-processor | High
Product | file | name | woodstox-core-asl | High
Product | pom | name | Woodstox | High
Product | Manifest | Bundle-Name | Woodstox XML-processor | Medium
Product | pom | description | Woodstox is a high-performance XML processor that implements Stax (JSR-173) and SAX2 APIs | Medium
Product | pom | groupid | codehaus.woodstox | Low
Product | Manifest | bundle-symbolicname | woodstox-core-asl | Medium
Product | pom | artifactid | woodstox-core-asl | Highest
Product | pom | url | http://woodstox.codehaus.org | Medium
Product | Manifest | specification-title | Stax 1.0 API | Medium
Version | file | version | 4.4.1 | Highest
Version | Manifest | Implementation-Version | 4.4.1 | High
Version | pom | version | 4.4.1 | Highest
maven: org.codehaus.woodstox:woodstox-core-asl:4.4.1 Confidence: Highest

jetty-io-9.3.14.v20161028.jar
Description:
Jetty module for Jetty :: IO Utility
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-io/9.3.14.v20161028/jetty-io-9.3.14.v20161028.jar
MD5: 4d3aefe94291b3701779aa33076d20e1
SHA1: 52d796b58c3a997e59e6b47c4bf022cedcba3514
SHA256: 23e6676cf9de936f65214e6cef0e07ae5bd1ec4711fe40c3887b0ba3b0d4a7aa
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest | Bundle-Description | Jetty module for Jetty :: IO Utility | Medium
Vendor | file | name | jetty-io | High
Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.io | Medium
Vendor | pom | name | Jetty :: IO Utility | High
Vendor | pom | groupid | org.eclipse.jetty | Highest
Vendor | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Vendor | pom | artifactid | jetty-io | Low
Vendor | Manifest | Implementation-Vendor | Eclipse.org - Jetty | High
Vendor | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low
Vendor | pom | groupid | eclipse.jetty | Highest
Vendor | pom | parent-artifactid | jetty-project | Low
Vendor | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Vendor | Manifest | url | http://www.eclipse.org/jetty | Low
Vendor | pom | parent-groupid | org.eclipse.jetty | Medium
Vendor | pom | url | http://www.eclipse.org/jetty | Highest
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.8 | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | manifest | Bundle-Description | Jetty module for Jetty :: IO Utility | Medium
Product | file | name | jetty-io | High
Product | pom | artifactid | jetty-io | Highest
Product | Manifest | Bundle-Name | Jetty :: IO Utility | Medium
Product | Manifest | bundle-symbolicname | org.eclipse.jetty.io | Medium
Product | pom | name | Jetty :: IO Utility | High
Product | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Product | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low
Product | pom | url | http://www.eclipse.org/jetty | Medium
Product | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Product | Manifest | url | http://www.eclipse.org/jetty | Low
Product | pom | groupid | eclipse.jetty | Low
Product | pom | parent-artifactid | jetty-project | Medium
Product | pom | parent-groupid | org.eclipse.jetty | Low
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.8 | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Version | pom | version | 9.3.14.v20161028 | Highest
Version | file | version | 9.3.14.v20161028 | Highest
Version | Manifest | Implementation-Version | 9.3.14.v20161028 | High
maven: org.eclipse.jetty:jetty-io:9.3.14.v20161028 Confidence: Highest

jetty-jmx-9.3.14.v20161028.jar
Description:
JMX management artifact for jetty.
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-jmx/9.3.14.v20161028/jetty-jmx-9.3.14.v20161028.jar
MD5: 7517599ae46f1f22491f6701beeeec41
SHA1: d4829a57973c36f117792455024684bb6a5202aa
SHA256: 4514f891b993b7ef57c6c40c3c47f6b1b46039b0e1c3acd5e6f9c6234f55a089
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-symbolicname | org.eclipse.jetty.jmx | Medium
Vendor | pom | groupid | org.eclipse.jetty | Highest
Vendor | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Vendor | pom | artifactid | jetty-jmx | Low
Vendor | Manifest | Implementation-Vendor | Eclipse.org - Jetty | High
Vendor | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low
Vendor | pom | groupid | eclipse.jetty | Highest
Vendor | pom | parent-artifactid | jetty-project | Low
Vendor | pom | name | Jetty :: JMX Management | High
Vendor | pom | description | JMX management artifact for jetty. | Medium
Vendor | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Vendor | manifest | Bundle-Description | Jetty module for Jetty :: JMX Management | Medium
Vendor | Manifest | url | http://www.eclipse.org/jetty | Low
Vendor | file | name | jetty-jmx | High
Vendor | pom | parent-groupid | org.eclipse.jetty | Medium
Vendor | pom | url | http://www.eclipse.org/jetty | Highest
Vendor | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.8 | Low
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | Manifest | bundle-symbolicname | org.eclipse.jetty.jmx | Medium
Product | pom | artifactid | jetty-jmx | Highest
Product | Manifest | bundle-copyright | Copyright (c) 2008-2016 Mort Bay Consulting Pty. Ltd. | Low
Product | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low
Product | pom | name | Jetty :: JMX Management | High
Product | pom | description | JMX management artifact for jetty. | Medium
Product | Manifest | Bundle-Name | Jetty :: JMX Management | Medium
Product | pom | url | http://www.eclipse.org/jetty | Medium
Product | Manifest | bundle-docurl | http://www.eclipse.org/jetty | Low
Product | manifest | Bundle-Description | Jetty module for Jetty :: JMX Management | Medium
Product | Manifest | url | http://www.eclipse.org/jetty | Low
Product | pom | groupid | eclipse.jetty | Low
Product | file | name | jetty-jmx | High
Product | pom | parent-artifactid | jetty-project | Medium
Product | pom | parent-groupid | org.eclipse.jetty | Low
Product | Manifest | bundle-requiredexecutionenvironment | JavaSE-1.8 | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Version | pom | version | 9.3.14.v20161028 | Highest
Version | file | version | 9.3.14.v20161028 | Highest
Version | Manifest | Implementation-Version | 9.3.14.v20161028 | High
Related Dependencies
jetty-deploy-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-deploy/9.3.14.v20161028/jetty-deploy-9.3.14.v20161028.jar
MD5: f5fa8a4924e43d59574c7a4e641bd3e6
SHA1: f2aae796f4643180b4e4a159dafc4403e6b25ca7
SHA256: e45f4ce46dfcfbd362dc69e0ffa0439a192a7a84a079ea8e8064f01c1978db20
jetty-security-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-security/9.3.14.v20161028/jetty-security-9.3.14.v20161028.jar
MD5: f9e01313769acc5d63b5f91d822d76d1
SHA1: 68be91fa1bcc82eed1709d36e6a85db7d5aff331
SHA256: 235f2c9c71a7dceadbe7d63b3e293e9075679c964315a8707c8deb2ecfa771cf
jetty-xml-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-xml/9.3.14.v20161028/jetty-xml-9.3.14.v20161028.jar
MD5: f0ae36279153bea0e9a7728949034223
SHA1: 3054375490c577ee6156a4b63ec262a39b36fc7e
SHA256: 9b1dae0ae8208f9f5ce1b59d21ca85fa67744b82b7aab2dde29fb11838ebcaf1
jetty-continuation-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-continuation/9.3.14.v20161028/jetty-continuation-9.3.14.v20161028.jar
MD5: c75728e6d9eff7bdf0c57e75ecb96f56
SHA1: 4ba272cee2e367766dfdc1901c960de352160d41
SHA256: e01056f67cd867ba3628c20443b7c1443e4b3659af28c50f0cbeaef7de54ae8f
jetty-rewrite-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-rewrite/9.3.14.v20161028/jetty-rewrite-9.3.14.v20161028.jar
MD5: cf962ef39193e7b4339df15d2eea14a7
SHA1: 823899b9456b3337422e0d98851cfe7842ef2516
SHA256: 97774bce8e9c9effa659e6526191cca12532bf3366bb25120bfafbd74d269439
jetty-http-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-http/9.3.14.v20161028/jetty-http-9.3.14.v20161028.jar
MD5: aa6e33fa9d4bc5d1a1f518f01f32b343
SHA1: ea3800883f79f757b2635a737bb71bb21e90cf19
SHA256: 6980af8bfb6c8a1b0703f2da24c06a2792d8494104cd99289f253936630db1b0
jetty-util-9.3.14.v20161028.jar
File Path: /Users/Kevin/.m2/repository/org/eclipse/jetty/jetty-util/9.3.14.v20161028/jetty-util-9.3.14.v20161028.jar
MD5: fe67949c387ba328873640519f84ca7e
SHA1: fbf89f6f3b995992f82ec09104ab9a75d31d281b
SHA256: f615f68da5c354d7b73f5fc3e38cc1d65cb8fcc2b7da566004ca978ca92f1360

cpe: cpe:/a:jetty:jetty:9.3.14.v20161028 Confidence: Low
maven: org.eclipse.jetty:jetty-jmx:9.3.14.v20161028 Confidence: Highest
cpe: cpe:/a:eclipse:jetty:9.3.14.v20161028 Confidence: Low
Published Vulnerabilities
CVE-2017-9735
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.

spatial4j-0.6.jar
Description:
Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's
core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance
calculations and other math, and to read shape formats like WKT and GeoJSON.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/locationtech/spatial4j/spatial4j/0.6/spatial4j-0.6.jar
MD5: baaffe1b4800337f0856c6160c255c35
SHA1: 21b15310bddcfd8c72611c180f20cf23279809a3
SHA256: 365c2904230f1fdf42de6fd81f21fd806f7e095d0395fa4449e1a2d6751861ea
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom artifactid spatial4j Low Vendor file name spatial4j High Vendor Manifest bundle-docurl http://www.locationtech.org/ Low Vendor pom groupid locationtech.spatial4j Highest Vendor Manifest bundle-symbolicname org.locationtech.spatial4j Medium Vendor pom organization url http://www.locationtech.org/ Medium Vendor pom url http://www.locationtech.org/projects/locationtech.spatial4j Highest Vendor pom description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low Vendor pom groupid org.locationtech.spatial4j Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom name Spatial4J High Vendor pom organization name LocationTech High Vendor manifest Bundle-Description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low Product Manifest Bundle-Name Spatial4J Medium Product file name spatial4j High Product Manifest bundle-docurl http://www.locationtech.org/ Low Product pom organization name LocationTech Low Product pom artifactid spatial4j Highest Product Manifest bundle-symbolicname org.locationtech.spatial4j Medium Product pom groupid locationtech.spatial4j Low Product pom organization url http://www.locationtech.org/ Low Product pom url http://www.locationtech.org/projects/locationtech.spatial4j Medium Product pom description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... 
Low Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product pom name Spatial4J High Product manifest Bundle-Description Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shape formats ... Low Version pom version 0.6 Highest Version file version 0.6 Highest
maven: org.locationtech.spatial4j:spatial4j:0.6 Confidence: Highest

noggit-0.8.jar
Description:
Noggit is the world's fastest streaming JSON parser for Java.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/noggit/noggit/0.8/noggit-0.8.jar
MD5: 6856f2ceab2dd7128595e4659d22d581
SHA1: ba4ad65a62d7dfcf97a8d42c82ae7d8824f9087f
SHA256: dd9901c7d72ffd97d952271e3c486ddc9c78dd25a74db69ddbf2670431c7c81f
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom description Noggit is the world's fastest streaming JSON parser for Java. Medium Vendor file name noggit High Vendor pom groupid noggit Highest Vendor jar package name noggit Low Vendor pom artifactid noggit Low Vendor pom groupid org.noggit Highest Vendor pom name Noggit High Vendor pom url http://github.com/yonik/noggit Highest Product pom description Noggit is the world's fastest streaming JSON parser for Java. Medium Product file name noggit High Product pom url http://github.com/yonik/noggit Medium Product pom groupid noggit Low Product pom name Noggit High Product pom artifactid noggit Highest Version file version 0.8 Highest Version pom version 0.8 Highest
maven: org.noggit:noggit:0.8 Confidence: Highest

asm-commons-5.1.jar
File Path: /Users/Kevin/.m2/repository/org/ow2/asm/asm-commons/5.1/asm-commons-5.1.jar
MD5: 38839fb32c40f7f70986e9c282de0018
SHA1: 25d8a575034dd9cfcb375a39b5334f0ba9c8474e
SHA256: 97b3786e1f55e74bddf8ad102bf50e33bbcbc1f6b7fd7b36f0bbbb25cd4981be
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid org.ow2.asm Highest Vendor Manifest bundle-docurl http://asm.objectweb.org Low Vendor pom artifactid asm-commons Low Vendor Manifest bundle-symbolicname org.objectweb.asm.commons Medium Vendor pom groupid ow2.asm Highest Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom parent-groupid org.ow2.asm Medium Vendor pom name ASM Commons High Vendor Manifest Implementation-Vendor France Telecom R&D High Vendor file name asm-commons High Vendor pom parent-artifactid asm-parent Low Product Manifest Bundle-Name ASM commons classes Medium Product pom artifactid asm-commons Highest Product pom groupid ow2.asm Low Product Manifest Implementation-Title ASM commons classes High Product Manifest bundle-docurl http://asm.objectweb.org Low Product pom parent-groupid org.ow2.asm Low Product Manifest bundle-symbolicname org.objectweb.asm.commons Medium Product pom parent-artifactid asm-parent Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product pom name ASM Commons High Product file name asm-commons High Version Manifest Implementation-Version 5.1 High Version file version 5.1 Highest Version pom version 5.1 Highest
maven: org.ow2.asm:asm-commons:5.1 Confidence: Highest

jcl-over-slf4j-1.7.7.jar
Description:
JCL 1.1.1 implemented over SLF4J
File Path: /Users/Kevin/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.7/jcl-over-slf4j-1.7.7.jar
MD5: 32ad130f946ef0460af416397b7fc7b7
SHA1: 56003dcd0a31deea6391b9e2ef2f2dc90b205a92
SHA256: c6472b5950e1c23202e567c6334e4832d1db46fad604b7a0d7af71d4a014bce2
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor manifest Bundle-Description JCL 1.1.1 implemented over SLF4J Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Vendor pom parent-groupid org.slf4j Medium Vendor pom groupid slf4j Highest Vendor pom parent-artifactid slf4j-parent Low Vendor file name jcl-over-slf4j High Vendor pom artifactid jcl-over-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom description JCL 1.1.1 implemented over SLF4J Medium Vendor pom url http://www.slf4j.org Highest Vendor Manifest bundle-symbolicname jcl.over.slf4j Medium Vendor pom name JCL 1.1.1 implemented over SLF4J High Product pom groupid slf4j Low Product pom url http://www.slf4j.org Medium Product manifest Bundle-Description JCL 1.1.1 implemented over SLF4J Medium Product pom parent-groupid org.slf4j Low Product Manifest Implementation-Title jcl-over-slf4j High Product Manifest bundle-requiredexecutionenvironment J2SE-1.3 Low Product file name jcl-over-slf4j High Product Manifest Bundle-Name jcl-over-slf4j Medium Product pom description JCL 1.1.1 implemented over SLF4J Medium Product Manifest bundle-symbolicname jcl.over.slf4j Medium Product pom parent-artifactid slf4j-parent Medium Product pom artifactid jcl-over-slf4j Highest Product pom name JCL 1.1.1 implemented over SLF4J High Version file version 1.7.7 Highest Version Manifest Implementation-Version 1.7.7 High Version pom version 1.7.7 Highest
cpe: cpe:/a:slf4j:slf4j:1.7.7 Confidence: Low
maven: org.slf4j:jcl-over-slf4j:1.7.7 Confidence: Highest

solr-core-7.0.1.jar
Description:
Apache Solr Core
File Path: /Users/Kevin/.m2/repository/org/apache/solr/solr-core/7.0.1/solr-core-7.0.1.jar
MD5: 5c9f20959e2f17b72b683b1a7098f7dd
SHA1: 8aa47f1a9b4758cf81eac0b545b5e99d84a977dc
SHA256: 2626736f1494323e13a560c637ec80cc8d2b687253008013bbb86c07a769aac5
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor Manifest extension-name org.apache.solr Medium Vendor pom artifactid solr-core Low Vendor pom parent-artifactid solr-parent Low Vendor file name solr-core High Vendor pom groupid apache.solr Highest Vendor pom description Apache Solr Core Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom parent-groupid org.apache.solr Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom groupid org.apache.solr Highest Vendor pom name Apache Solr Core High Product Manifest extension-name org.apache.solr Medium Product pom parent-groupid org.apache.solr Low Product file name solr-core High Product pom description Apache Solr Core Medium Product pom parent-artifactid solr-parent Medium Product pom artifactid solr-core Highest Product Manifest Implementation-Title org.apache.solr High Product Manifest specification-title Apache Solr Search Server: solr-core Medium Product pom groupid apache.solr Low Product pom name Apache Solr Core High Version pom version 7.0.1 Highest Version file version 7.0.1 Highest
Related Dependencies
solr-solrj-7.0.1.jar
File Path: /Users/Kevin/.m2/repository/org/apache/solr/solr-solrj/7.0.1/solr-solrj-7.0.1.jar
MD5: 4f49daa251aadf141bb6923359cfa7dc
SHA1: cba77a72c138d95c60233e0a3fd53b87ecf4dff5
SHA256: ea85e6d31d9442cf7d83ad44369da4f52355ea66545d053838f928c3f0a1548e
cpe: cpe:/a:apache:solr:7.0.1
Published Vulnerabilities
CVE-2017-12629
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
CVE-2018-1308
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.
CVE-2018-8010
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. Users are advised to upgrade to either Solr 6.6.4 or Solr 7.3.1 releases both of which address the vulnerability. Once upgrade is complete, no other steps are required. Those releases only allow external entities and Xincludes that refer to local files / zookeeper resources below the Solr instance directory (using Solr's ResourceLoader); usage of absolute URLs is denied. Keep in mind, that external entities and XInclude are explicitly supported to better structure config files in large installations. Before Solr 6 this was no problem, as config files were not accessible through the APIs.
CVE-2018-8026
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. The manipulated files can be uploaded as configsets using Solr's API, allowing to exploit that vulnerability.

umlet-12.0.jar
License:
GNU GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/gpl.html
File Path: /Users/Kevin/.m2/repository/com/umlet/umlet/12.0/umlet-12.0.jar
MD5: 22b278ab918a3b1cce2cb1c10b44516a
SHA1: 507cb009ff54ce4186bc97f615e0dbaa4b546ba2
SHA256: 68aec104c016b537de79f8eea8599d1ce1a1ea03a434ae56965d6b0360f0b054
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor file name umlet High Vendor Manifest bundle-symbolicname com.umlet.plugin;singleton:=true Medium Vendor pom groupid umlet Highest Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor pom name UMLet lightweight UML Editor High Vendor pom artifactid umlet Low Vendor pom groupid com.umlet Highest Vendor pom url https://code.google.com/p/umlet/ Highest Product file name umlet High Product Manifest Bundle-Name Umlet Medium Product Manifest bundle-symbolicname com.umlet.plugin;singleton:=true Medium Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product pom name UMLet lightweight UML Editor High Product pom url https://code.google.com/p/umlet/ Medium Product pom groupid umlet Low Product pom artifactid umlet Highest Version file version 12.0 Highest Version pom version 12.0 Highest
maven: com.umlet:umlet:12.0 Confidence: Highest

tomcat-juli-7.0.42.jar
Description:
Tomcat Core Logging Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-juli/7.0.42/tomcat-juli-7.0.42.jar
MD5: ff8d7673a10e6aca13d2ac9ab91998a1
SHA1: f0049ac94514d69231c41ed96238efb94ffdd9cf
SHA256: 0c044e6b88caceb49cf1dcb8ecbd0a8cfde574c5af3d5090143607618bd5f680
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.tomcat Highest Vendor pom groupid org.apache.tomcat Highest Vendor file name tomcat-juli High Vendor pom artifactid tomcat-juli Low Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom description Tomcat Core Logging Package Medium Vendor pom url http://tomcat.apache.org/ Highest Vendor Manifest specification-vendor Apache Software Foundation Low Product pom artifactid tomcat-juli Highest Product Manifest Implementation-Title Apache Tomcat High Product file name tomcat-juli High Product Manifest specification-title Apache Tomcat Medium Product pom groupid apache.tomcat Low Product pom url http://tomcat.apache.org/ Medium Product pom description Tomcat Core Logging Package Medium Version pom version 7.0.42 Highest Version Manifest Implementation-Version 7.0.42 High Version file version 7.0.42 Highest
cpe: cpe:/a:apache_software_foundation:tomcat:7.0.42 Confidence: Low
maven: org.apache.tomcat:tomcat-juli:7.0.42 Confidence: Highest

tomcat-annotations-api-7.0.42.jar
Description:
Annotations Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-annotations-api/7.0.42/tomcat-annotations-api-7.0.42.jar
MD5: 271b5ff84d2935a412289651cc7d9e9e
SHA1: 6fc6cc449c216e861c22ad00062ed1e6333179a5
SHA256: bc2c73407ecfe003f3da8ae64dc231bc9e882cae0f76c7e81b29a08f7647d8a4
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.tomcat Highest Vendor file name tomcat-annotations-api High Vendor pom groupid org.apache.tomcat Highest Vendor manifest: javax/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-annotations-api Low Vendor pom description Annotations Package Medium Vendor pom url http://tomcat.apache.org/ Highest Product pom artifactid tomcat-annotations-api Highest Product manifest: javax/servlet/ Implementation-Title javax.servlet Medium Product file name tomcat-annotations-api High Product manifest: javax/servlet/ Specification-Title Java API for Servlets (Annotations) Medium Product pom groupid apache.tomcat Low Product pom description Annotations Package Medium Product pom url http://tomcat.apache.org/ Medium Version pom version 7.0.42 Highest Version file version 7.0.42 Highest
maven: org.apache.tomcat:tomcat-annotations-api:7.0.42 Confidence: Highest

tomcat-api-7.0.42.jar
Description:
Definition of interfaces shared by Catalina and Jasper
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-api/7.0.42/tomcat-api-7.0.42.jar
MD5: 55465a546c4a8528b0c9c7f009d6597b
SHA1: 9d67cf4dbe291c2de61b8e03445cfc87dcd6f580
SHA256: 9647161c81c64bbf464f1a5e13cf96a5e2a27f61c4854cfb13464bc3e1bfb34b
Referenced In Project/Scope: trial:compile
Evidence Type Source Name Value Confidence Vendor pom groupid apache.tomcat Highest Vendor file name tomcat-api High Vendor pom description Definition of interfaces shared by Catalina and Jasper Medium Vendor pom groupid org.apache.tomcat Highest Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor pom url http://tomcat.apache.org/ Highest Vendor Manifest specification-vendor Apache Software Foundation Low Vendor pom artifactid tomcat-api Low Product file name tomcat-api High Product pom artifactid tomcat-api Highest Product Manifest Implementation-Title Apache Tomcat High Product pom description Definition of interfaces shared by Catalina and Jasper Medium Product Manifest specification-title Apache Tomcat Medium Product pom groupid apache.tomcat Low Product pom url http://tomcat.apache.org/ Medium Version pom version 7.0.42 Highest Version Manifest Implementation-Version 7.0.42 High Version file version 7.0.42 Highest
Related Dependencies
tomcat-servlet-api-7.0.42.jar
File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-servlet-api/7.0.42/tomcat-servlet-api-7.0.42.jar
MD5: efb3c0e918cfc499391afbafa452f93c
SHA1: 922c2671e03551564602c0be631f0035f67c4ff2
SHA256: 9bc0d4a7c0e09f356a35118fd235dcdbd2980682c45f2e00b4dfebb9079ba937
cpe: cpe:/a:apache:tomcat:7.0.42
tomcat-catalina-7.0.42.jar
File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-catalina/7.0.42/tomcat-catalina-7.0.42.jar
MD5: fc5a16612c364f2b3df073377776f0a9
SHA1: 4b91821da5ca3ca605d377e548aeba2a7e008527
SHA256: 0a6d3f047041328ab61bcc0f0fed11477748d6b458c6abbbf35bf9094384779f
cpe: cpe:/a:apache:tomcat:7.0.42
tomcat-util-7.0.42.jar
File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-util/7.0.42/tomcat-util-7.0.42.jar
MD5: 8e8f6585cc2238e5fd5e213757a10f7c
SHA1: 4c5774b395ae57e54043acc0765a51713ed123bc
SHA256: 60dfadda9abaffad25634eb4b3206137f70278d0828abd924045af67ab080c7d
cpe: cpe:/a:apache:tomcat:7.0.42

maven: org.apache.tomcat:tomcat-api:7.0.42 Confidence: Highest
cpe: cpe:/a:apache_software_foundation:tomcat:7.0.42 Confidence: Low
cpe: cpe:/a:apache_tomcat:apache_tomcat:7.0.42 Confidence: Low
cpe: cpe:/a:apache:tomcat:7.0.42 Confidence: Highest
Published Vulnerabilities
CVE-2013-0346
Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CVE-2013-4286
Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVE-2013-4322
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CVE-2013-4590
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0050
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CVE-2014-0075
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CVE-2014-0096
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0099
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CVE-2014-0119
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
CVE-2014-0227
Severity: Medium
CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-19 Data Processing Errors
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
CVE-2014-0230
Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-399 Resource Management Errors
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
CVE-2014-7810
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
CVE-2015-5174
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CVE-2015-5345
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
CVE-2015-5346
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.
CVE-2015-5351
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
CVE-2016-0706
Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
CVE-2016-0714
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
CVE-2016-0762
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
CVE-2016-0763
Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
CVE-2016-3092
Severity: High CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CWE: CWE-20 Improper Input Validation
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
CVE-2016-5018
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-254 7PK - Security Features
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
CVE-2016-5388
Severity: Medium CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CWE: CWE-284 Improper Access Control
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
CVE-2016-5425
Severity: High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVE-2016-6325
Severity: High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
CVE-2016-6794
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
CVE-2016-6796
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-254 7PK - Security Features
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
CVE-2016-6797
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-284 Improper Access Control
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
CVE-2016-6816
Severity: Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-20 Improper Input Validation
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
CVE-2016-8735
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-284 Improper Access Control
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
CVE-2016-8745
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-388
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.
CVE-2017-12615
Severity: Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-12616
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
CVE-2017-12617
Severity: Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVE-2017-5647
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
CVE-2017-5648
Severity: Medium CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) CWE: CWE-284 Improper Access Control
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.
CVE-2017-5664
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-254 7PK - Security Features
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
CVE-2017-6056
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-19 Data Processing Errors
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
CVE-2017-7674
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-345 Insufficient Verification of Data Authenticity
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
CVE-2018-1304
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-254 7PK - Security Features
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
CVE-2018-1305
Severity: Medium CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) CWE: CWE-284 Improper Access Control
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.
CVE-2018-1336
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
CVE-2018-8014
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-254 7PK - Security Features
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
CVE-2018-8034
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-295 Improper Certificate Validation
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
commons-beanutils-core-1.7.0.jar
File Path: /Users/Kevin/.m2/repository/commons-beanutils/commons-beanutils-core/1.7.0/commons-beanutils-core-1.7.0.jar
MD5: 458b500e7283d295f69a93ffc4a15293
SHA1: 52f7701e1e9fd1d2b93379503c0bc839d2caf68d
SHA256: dbdac3b81a1c22a1d09b8c4a1c55b00af4767bd068838651c04c2f130172a207
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | commons-beanutils-core | High
Vendor | pom | artifactid | commons-beanutils-core | Low
Vendor | Manifest | extension-name | org.apache.commons.beanutils | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Vendor | pom | groupid | commons-beanutils | Highest
Product | pom | artifactid | commons-beanutils-core | Highest
Product | Manifest | specification-title | Jakarta Commons Beanutils | Medium
Product | file | name | commons-beanutils-core | High
Product | pom | groupid | commons-beanutils | Low
Product | Manifest | extension-name | org.apache.commons.beanutils | Medium
Product | Manifest | Implementation-Title | org.apache.commons.beanutils | High
Version | file | version | 1.7.0 | Highest
Version | pom | version | 1.7.0 | Highest
cpe: cpe:/a:apache:commons_beanutils:1.7.0 Confidence: Low
maven: commons-beanutils:commons-beanutils-core:1.7.0 Confidence: Highest
Published Vulnerabilities
CVE-2014-0114
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-20 Improper Input Validation
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
xmlParserAPIs-2.6.2.jar
File Path: /Users/Kevin/.m2/repository/xerces/xmlParserAPIs/2.6.2/xmlParserAPIs-2.6.2.jar
MD5: 2651f9f7c39e3524f3e2c394625ac63a
SHA1: 065acede1e5305bd2b92213d7b5761328c6f4fd9
SHA256: 1c2867be1faa73c67e9232631241eb1df4cd0763048646e7bb575a9980e9d7e5
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | xmlParserAPIs | High
Vendor | manifest: org/xml/sax/ | Implementation-Vendor | David Megginson | Medium
Vendor | manifest: javax/xml/transform/ | Implementation-Vendor | Sun Microsystems Inc. | Medium
Vendor | pom | groupid | xerces | Highest
Vendor | manifest: javax/xml/parsers/ | Implementation-Vendor | Sun Microsystems Inc. | Medium
Vendor | manifest: org/w3c/dom/ | Implementation-Vendor | World Wide Web Consortium | Medium
Vendor | manifest: org/apache/xmlcommons/Version | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | pom | artifactid | xmlParserAPIs | Low
Product | manifest: org/w3c/dom/ | Specification-Title | Document Object Model, Level 2 Core | Medium
Product | manifest: javax/xml/parsers/ | Implementation-Title | javax.xml.transform | Medium
Product | manifest: javax/xml/transform/ | Implementation-Title | javax.xml.transform | Medium
Product | manifest: org/xml/sax/ | Specification-Title | Simple API for XML | Medium
Product | manifest: javax/xml/parsers/ | Specification-Title | Java API for XML Processing | Medium
Product | manifest: org/xml/sax/ | Implementation-Title | org.xml.sax | Medium
Product | file | name | xmlParserAPIs | High
Product | manifest: org/apache/xmlcommons/Version | Implementation-Title | org.apache.xmlcommons.Version | Medium
Product | pom | groupid | xerces | Low
Product | pom | artifactid | xmlParserAPIs | Highest
Product | manifest: javax/xml/transform/ | Specification-Title | Java API for XML Processing | Medium
Product | manifest: org/w3c/dom/ | Implementation-Title | org.w3c.dom | Medium
Version | file | version | 2.6.2 | Highest
Version | pom | version | 2.6.2 | Highest
maven: xerces:xmlParserAPIs:2.6.2 Confidence: Highest
xercesImpl-2.6.2.jar
File Path: /Users/Kevin/.m2/repository/xerces/xercesImpl/2.6.2/xercesImpl-2.6.2.jar
MD5: c4c5a77f9e61f33d80780176451d71c2
SHA1: 897bcb56d6b7fe2070a5f561bfc78968ecdd3851
SHA256: 7512957342dc34290f27c0d5fd4313e00acb1e6dbe2992fd4ca66b46d7200035
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest: org/apache/xerces/xni/ | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | manifest: org/apache/xerces/impl/Version.class | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | file | name | xercesImpl | High
Vendor | manifest: org/xml/sax/ | Implementation-Vendor | David Megginson | Medium
Vendor | manifest: javax/xml/transform/ | Implementation-Vendor | Sun Microsystems Inc. | Medium
Vendor | pom | artifactid | xercesImpl | Low
Vendor | pom | groupid | xerces | Highest
Vendor | manifest: javax/xml/parsers/ | Implementation-Vendor | Sun Microsystems Inc. | Medium
Vendor | manifest: org/w3c/dom/ | Implementation-Vendor | World Wide Web Consortium | Medium
Product | manifest: org/w3c/dom/ | Specification-Title | Document Object Model, Level 2 Core | Medium
Product | manifest: javax/xml/transform/ | Implementation-Title | javax.xml.transform | Medium
Product | pom | artifactid | xercesImpl | Highest
Product | manifest: org/xml/sax/ | Specification-Title | Simple API for XML | Medium
Product | manifest: org/apache/xerces/xni/ | Implementation-Title | org.apache.xerces.xni | Medium
Product | manifest: org/apache/xerces/impl/Version.class | Implementation-Title | org.apache.xerces.impl.Version | Medium
Product | manifest: javax/xml/parsers/ | Specification-Title | Java API for XML Processing | Medium
Product | manifest: javax/xml/parsers/ | Implementation-Title | javax.xml.parsers | Medium
Product | manifest: org/apache/xerces/xni/ | Specification-Title | Xerces Native Interface | Medium
Product | manifest: org/xml/sax/ | Implementation-Title | org.xml.sax | Medium
Product | pom | groupid | xerces | Low
Product | file | name | xercesImpl | High
Product | manifest: javax/xml/transform/ | Specification-Title | Java API for XML Processing | Medium
Product | manifest: org/w3c/dom/ | Implementation-Title | org.w3c.dom | Medium
Version | file | version | 2.6.2 | Highest
Version | pom | version | 2.6.2 | Highest
maven: xerces:xercesImpl:2.6.2 Confidence: Highest
xalan-2.7.0.jar
File Path: /Users/Kevin/.m2/repository/xalan/xalan/2.7.0/xalan-2.7.0.jar
MD5: a018d032c21a873225e702b36b171a10
SHA1: a33c0097f1c70b20fa7ded220ea317eb3500515e
SHA256: bf1f065efd6e3d5cb964db4130815752015873338999d23dcafc2dbc89fc7d9b
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest: org/apache/xalan/ | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | file | name | xalan | High
Vendor | manifest: org/apache/xml/ | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | manifest: java_cup/runtime/ | Implementation-Vendor | Princeton University | Medium
Vendor | manifest: org/apache/xpath/ | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | manifest: org/apache/xalan/xsltc/ | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | pom | artifactid | xalan | Low
Vendor | pom | groupid | xalan | Highest
Product | manifest: org/apache/xml/ | Implementation-Title | org.apache.xml | Medium
Product | manifest: org/apache/xalan/ | Specification-Title | Java API for XML Processing | Medium
Product | file | name | xalan | High
Product | manifest: org/apache/xalan/ | Implementation-Title | org.apache.xalan | Medium
Product | manifest: java_cup/runtime/ | Specification-Title | Runtime component of JCup | Medium
Product | manifest: org/apache/xalan/xsltc/ | Implementation-Title | org.apache.xalan.xsltc | Medium
Product | pom | artifactid | xalan | Highest
Product | pom | groupid | xalan | Low
Product | manifest: org/apache/xpath/ | Implementation-Title | org.apache.xpath | Medium
Product | manifest: java_cup/runtime/ | Implementation-Title | runtime | Medium
Product | manifest: org/apache/xalan/xsltc/ | Specification-Title | Java API for XML Processing | Medium
Version | file | version | 2.7.0 | Highest
Version | pom | version | 2.7.0 | Highest
Published Vulnerabilities
CVE-2014-0107
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
xom-1.1.jar
File Path: /Users/Kevin/.m2/repository/xom/xom/1.1/xom-1.1.jar
MD5: 6b5e76db86d7ae32a451ffdb6fce0764
SHA1: 6705564269d976dbc0d869b58aca25290c0eb4cb
SHA256: 05d513cce3f19c1bc4b06c545431da10dbd2f96b4e83aa715d2fe92b06d951a7
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | specification-vendor | Elliotte Rusty Harold | Low
Vendor | pom | name | xom | High
Vendor | Manifest | Implementation-Vendor | Elliotte Rusty Harold | High
Vendor | manifest: org/jaxen/ | Implementation-Vendor | CodeHaus | Medium
Vendor | manifest: nu/xom/ | Implementation-Vendor | Elliotte Rusty Harold | Medium
Vendor | pom | groupid | xom | Highest
Vendor | pom | artifactid | xom | Low
Vendor | file | name | xom | High
Vendor | pom | url | http://www.xom.nu | Highest
Product | pom | name | xom | High
Product | pom | artifactid | xom | Highest
Product | pom | groupid | xom | Low
Product | manifest: org/jaxen/ | Specification-Title | Jaxen XPath engine | Medium
Product | manifest: nu/xom/converters/ | Implementation-Title | nu.xom.converters | Medium
Product | manifest: nu/xom/canonical/ | Implementation-Title | nu.xom.canonical | Medium
Product | Manifest | Implementation-Title | XOM | High
Product | manifest: nu/xom/ | Specification-Title | XOM core classes | Medium
Product | manifest: nu/xom/xinclude/ | Specification-Title | XOM XInclude engine | Medium
Product | manifest: org/jaxen/ | Implementation-Title | org.jaxen | Medium
Product | Manifest | specification-title | XOM | Medium
Product | manifest: nu/xom/ | Implementation-Title | nu.xom | Medium
Product | manifest: nu/xom/canonical/ | Specification-Title | XOM Canonical XML support | Medium
Product | manifest: nu/xom/xslt/ | Implementation-Title | nu.xom.xslt | Medium
Product | manifest: nu/xom/xinclude/ | Implementation-Title | nu.xom.xinclude | Medium
Product | file | name | xom | High
Product | manifest: nu/xom/converters/ | Specification-Title | XOM converters to other object models | Medium
Product | pom | url | http://www.xom.nu | Medium
Product | manifest: nu/xom/xslt/ | Specification-Title | XOM XSLT interface | Medium
Version | pom | version | 1.1 | Highest
Version | Manifest | Implementation-Version | 1.1 | High
Version | file | version | 1.1 | Highest
maven: xom:xom:1.1 Confidence: Highest
bsh-core-2.0b4.jar
Description:
BeanShell core
File Path: /Users/Kevin/.m2/repository/org/beanshell/bsh-core/2.0b4/bsh-core-2.0b4.jar
MD5: bab431f0908fde87034f0c34c6cf1e30
SHA1: 495e25a99e29970ffe8ba0b1d551e1d1a9991fc1
SHA256: d7cfeb28b2af7b53ef570dd742b8731ed7f71a938e6e9a73384940f4c818d069
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | bsh-core | High
Vendor | Manifest | Implementation-Vendor | Pat Niemeyer (pat@pat.net) | High
Vendor | pom | description | BeanShell core | Medium
Vendor | hint analyzer | vendor | beanshell_project | Highest
Vendor | pom | groupid | org.beanshell | Highest
Vendor | pom | name | BeanShell core | High
Vendor | pom | groupid | beanshell | Highest
Vendor | pom | parent-groupid | org.beanshell | Medium
Vendor | pom | artifactid | bsh-core | Low
Vendor | Manifest | specification-vendor | http://www.beanshell.org/ | Low
Vendor | pom | parent-artifactid | beanshell | Low
Product | pom | groupid | beanshell | Low
Product | pom | artifactid | bsh-core | Highest
Product | file | name | bsh-core | High
Product | pom | description | BeanShell core | Medium
Product | Manifest | specification-title | BeanShell core | Medium
Product | pom | name | BeanShell core | High
Product | hint analyzer | product | beanshell | Highest
Product | pom | parent-groupid | org.beanshell | Low
Product | pom | parent-artifactid | beanshell | Medium
Version | pom | version | 2.0b4 | Highest
Version | file | version | 2.0.b4 | Highest
maven: org.beanshell:bsh-core:2.0b4 Confidence: Highest
cpe: cpe:/a:beanshell_project:beanshell:2.0.b4 Confidence: Low
Published Vulnerabilities
CVE-2016-2510
Severity: Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-19 Data Processing Errors
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
batik-ext-1.7.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/xmlgraphics/batik-ext/1.7/batik-ext-1.7.jar
MD5: 080f3a49c658693dfbb4e48b0bfc8f07
SHA1: 4784302b44a0336166fef6153a5e3d73e861aecc
SHA256: de85a6de7cdd36ee9ff28dfe7e03d515be92a702d61028f8928c0cd56f1ee375
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | url | http://xmlgraphics.apache.org/batik/ | Highest
Vendor | pom | organization name | Apache Software Foundation | High
Vendor | pom | groupid | apache.xmlgraphics | Highest
Vendor | pom | name | Batik external code | High
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation (http://xmlgraphics.apache.org/batik/) | High
Vendor | pom | artifactid | batik-ext | Low
Vendor | pom | groupid | org.apache.xmlgraphics | Highest
Vendor | file | name | batik-ext | High
Vendor | pom | organization url | http://www.apache.org/ | Medium
Product | pom | organization url | http://www.apache.org/ | Low
Product | pom | artifactid | batik-ext | Highest
Product | pom | name | Batik external code | High
Product | pom | organization name | Apache Software Foundation | Low
Product | Manifest | Implementation-Title | Batik external code | High
Product | pom | url | http://xmlgraphics.apache.org/batik/ | Medium
Product | file | name | batik-ext | High
Product | pom | groupid | apache.xmlgraphics | Low
Version | pom | version | 1.7 | Highest
Version | file | version | 1.7 | Highest
Related Dependencies
batik-css-1.7.jar
File Path: /Users/Kevin/.m2/repository/org/apache/xmlgraphics/batik-css/1.7/batik-css-1.7.jar
MD5: b0203e64b3c06729baa0ef84743ab119
SHA1: e6bb5c85753331534593f33fb9236acb41a0ab79
SHA256: 91694732cee7c2b2b8bf6792842867407eaa816be065087f1f444fc06b46b578
cpe: cpe:/a:apache:batik:1.7
batik-util-1.7.jar
File Path: /Users/Kevin/.m2/repository/org/apache/xmlgraphics/batik-util/1.7/batik-util-1.7.jar
MD5: 99f99684b6df6200e529575dccce9970
SHA1: 5c4dd0dd9a86a2fba2c6ea26fb62b32b21b2a61e
SHA256: 9e3f1f53bfccdc942dbe2ceaa94ffe23c63ba3703e40941572205420dfcad81e
cpe: cpe:/a:apache:batik:1.7
cpe: cpe:/a:apache:batik:1.7 Confidence: Highest
maven: org.apache.xmlgraphics:batik-ext:1.7 Confidence: Highest
Published Vulnerabilities
CVE-2015-0250
Severity: Medium CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file.
CVE-2017-5662
Severity: High CVSS Score: 7.9 (AV:N/AC:M/Au:S/C:C/I:N/A:C) CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within an XML document can trivially trigger an amplification attack.
CVE-2018-8013
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-502 Deserialization of Untrusted Data
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before calling newInstance in deserialization.
xml-apis-ext-1.3.04.jar
Description:
xml-commons provides an Apache-hosted set of DOM, SAX, and
JAXP interfaces for use in other xml-based projects. Our hope is that we
can standardize on both a common version and packaging scheme for these
critical XML standards interfaces to make the lives of both our developers
and users easier. The External Components portion of xml-commons contains
interfaces that are defined by external standards organizations. For DOM,
that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for
JAXP it's Sun.
File Path: /Users/Kevin/.m2/repository/xml-apis/xml-apis-ext/1.3.04/xml-apis-ext-1.3.04.jar
MD5: bcb07d3b8d2397db7a3013b6465d347b
SHA1: 41a8b86b358e87f3f13cf46069721719105aff66
SHA256: d0b4887dc34d57de49074a58affad439a013d0baffa1a8034f8ef2a5ea191646
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest: org/w3c/dom/smil/ | Implementation-Vendor | World Wide Web Consortium | Medium
Vendor | manifest: org/w3c/css/sac/ | Implementation-Vendor | World Wide Web Consortium | Medium
Vendor | pom | name | XML Commons External Components XML APIs Extensions | High
Vendor | pom | description | xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. | Low
Vendor | pom | groupid | xml-apis | Highest
Vendor | pom | parent-artifactid | apache | Low
Vendor | pom | parent-groupid | org.apache | Medium
Vendor | pom | url | http://xml.apache.org/commons/components/external/ | Highest
Vendor | pom | artifactid | xml-apis-ext | Low
Vendor | file | name | xml-apis-ext | High
Vendor | manifest: org/w3c/dom/svg/ | Implementation-Vendor | World Wide Web Consortium | Medium
Product | pom | name | XML Commons External Components XML APIs Extensions | High
Product | manifest: org/w3c/dom/smil/ | Specification-Title | Document Object Model (DOM) for Synchronized Multimedia Integration Language (SMIL) | Medium
Product | manifest: org/w3c/dom/svg/ | Specification-Title | Document Object Model (DOM) for Scalable Vector Graphics (SVG) | Medium
Product | manifest: org/w3c/dom/svg/ | Implementation-Title | org.w3c.dom.svg | Medium
Product | pom | description | xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun. | Low
Product | manifest: org/w3c/dom/smil/ | Implementation-Title | org.w3c.dom.smil | Medium
Product | manifest: org/w3c/css/sac/ | Specification-Title | Simple API for CSS | Medium
Product | pom | artifactid | xml-apis-ext | Highest
Product | pom | groupid | xml-apis | Low
Product | pom | parent-artifactid | apache | Medium
Product | file | name | xml-apis-ext | High
Product | pom | parent-groupid | org.apache | Low
Product | manifest: org/w3c/css/sac/ | Implementation-Title | org.w3c.css.sac | Medium
Product | pom | url | http://xml.apache.org/commons/components/external/ | Medium
Version | pom | version | 1.3.04 | Highest
Version | file | version | 1.3.04 | Highest
maven: xml-apis:xml-apis-ext:1.3.04 Confidence: Highest
nekohtml-1.9.12.jar
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /Users/Kevin/.m2/repository/net/sourceforge/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar
MD5: 0e5bd4ce84fab674dbc0c95c4bd193d0
SHA1: 6b58cfa01218d900a5c5996b82b52cffab981c0a
SHA256: 7580bbf927c939ffb81139ec42fec395f7228c1d81ca8757261e119e7876cc80
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | url | http://nekohtml.sourceforge.net/ | Highest
Vendor | pom | name | Neko HTML | High
Vendor | pom | artifactid | nekohtml | Low
Vendor | file | name | nekohtml | High
Vendor | pom | groupid | net.sourceforge.nekohtml | Highest
Vendor | manifest: org/cyberneko/html/ | Implementation-Vendor | Andy Clark | Medium
Product | manifest: org/cyberneko/html/ | Implementation-Title | CyberNeko HTML Parser | Medium
Product | pom | artifactid | nekohtml | Highest
Product | pom | groupid | net.sourceforge.nekohtml | Low
Product | pom | url | http://nekohtml.sourceforge.net/ | Medium
Product | manifest: org/cyberneko/html/ | Specification-Title | Hyper-Text Markup Language (HTML) | Medium
Product | pom | name | Neko HTML | High
Product | file | name | nekohtml | High
Version | file | version | 1.9.12 | Highest
Version | pom | version | 1.9.12 | Highest
maven: net.sourceforge.nekohtml:nekohtml:1.9.12 Confidence: Highest
commons-httpclient-3.1.jar
Description:
The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1), several related specifications (RFC 2109 (Cookies), RFC 2617 (HTTP Authentication), etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily.
License:
Apache License: http://www.apache.org/licenses/LICENSE-2.0 File Path: /Users/Kevin/.m2/repository/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar
MD5: 8ad8c9229ef2d59ab9f59f7050e846a5
SHA1: 964cd74171f427720480efdec40a7c7f6e58426a
SHA256: dbd4953d013e10e7c1cc3701a3e6ccd8c950c892f08d804fabfac21705930443
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | manifest: org/apache/commons/httpclient | Implementation-Vendor | Apache Software Foundation | Medium
Vendor | pom | url | http://jakarta.apache.org/httpcomponents/httpclient-3.x/ | Highest
Vendor | pom | organization name | Apache Software Foundation | High
Vendor | pom | name | HttpClient | High
Vendor | file | name | commons-httpclient | High
Vendor | pom | organization url | http://jakarta.apache.org/ | Medium
Vendor | pom | artifactid | commons-httpclient | Low
Vendor | pom | groupid | commons-httpclient | Highest
Vendor | pom | description | The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1), several related specifications (RFC 2109 (Cookies), RFC 2617 (HTTP Authentication), etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. | Low
Product | pom | artifactid | commons-httpclient | Highest
Product | pom | groupid | commons-httpclient | Low
Product | pom | organization url | http://jakarta.apache.org/ | Low
Product | manifest: org/apache/commons/httpclient | Specification-Title | Jakarta Commons HttpClient | Medium
Product | pom | name | HttpClient | High
Product | file | name | commons-httpclient | High
Product | pom | organization name | Apache Software Foundation | Low
Product | pom | description | The HttpClient component supports the client-side of RFC 1945 (HTTP/1.0) and RFC 2616 (HTTP/1.1), several related specifications (RFC 2109 (Cookies), RFC 2617 (HTTP Authentication), etc.), and provides a framework by which new request types (methods) or HTTP extensions can be created easily. | Low
Product | pom | url | http://jakarta.apache.org/httpcomponents/httpclient-3.x/ | Medium
Product | manifest: org/apache/commons/httpclient | Implementation-Title | org.apache.commons.httpclient | Medium
Version | pom | version | 3.1 | Highest
Version | file | version | 3.1 | Highest
cpe: cpe:/a:apache:httpclient:3.1 Confidence: Low
cpe: cpe:/a:apache:commons-httpclient:3.1 Confidence: Low
maven: commons-httpclient:commons-httpclient:3.1 Confidence: Highest
antisamy-1.4.3.jar
File Path: /Users/Kevin/.m2/repository/org/owasp/antisamy/antisamy/1.4.3/antisamy-1.4.3.jar
MD5: 9c7777853e159535f4d510b4dc0a88a9
SHA1: 6bac1ebc43ac3db223f592ce904ac4c2f3ef26e5
SHA256: a1e7e3cf60798f4b6024d68dec65baa52ec7ad09cff136c4d675a54c408db618
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | OWASP AntiSamy | High
Vendor | Manifest | Implementation-Vendor | The Open Web Application Security Project (OWASP) | High
Vendor | pom | parent-artifactid | antisamy-project | Low
Vendor | pom | groupid | owasp.antisamy | Highest
Vendor | pom | artifactid | antisamy | Low
Vendor | pom | groupid | org.owasp.antisamy | Highest
Vendor | Manifest | Implementation-Vendor-Id | org.owasp.antisamy | Medium
Vendor | file | name | antisamy | High
Vendor | pom | parent-groupid | org.owasp.antisamy | Medium
Product | pom | name | OWASP AntiSamy | High
Product | pom | parent-artifactid | antisamy-project | Medium
Product | Manifest | Implementation-Title | OWASP AntiSamy | High
Product | file | name | antisamy | High
Product | pom | parent-groupid | org.owasp.antisamy | Low
Product | pom | groupid | owasp.antisamy | Low
Product | pom | artifactid | antisamy | Highest
Version | Manifest | Implementation-Version | 1.4.3 | High
Version | pom | version | 1.4.3 | Highest
Version | file | version | 1.4.3 | Highest
Published Vulnerabilities
CVE-2016-10006
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVE-2017-14735
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
CVE-2018-1000643
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP OWASP ANTISAMY version 1.5.7 and earlier contains a Cross Site Scripting (XSS) vulnerability in AntiSamy.scan() - for both SAX & DOM that can result in Cross Site Scripting.
esapi-2.0.1.jar
Description:
The Enterprise Security API (ESAPI) project is an OWASP project
to create simple strong security controls for every web platform.
Security controls are not simple to build. You can read about the
hundreds of pitfalls for unwary developers on the OWASP website. By
providing developers with a set of strong controls, we aim to
eliminate some of the complexity of creating secure web applications.
This can result in significant cost savings across the SDLC.
License:
BSD: http://www.opensource.org/licenses/bsd-license.php
Creative Commons 3.0 BY-SA: http://creativecommons.org/licenses/by-sa/3.0/ File Path: /Users/Kevin/.m2/repository/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar
MD5: 90c61b27a98c1e0940381b47efe93852
SHA1: 2ea3b87c948dbc0c77a17fe24fda961ecc38c6f2
SHA256: 337ce7afc69ebed3851ba512060615e77ad488252cab210803b1e129da506302
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | owasp.esapi | Highest
Vendor | pom | description | The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC. | Low
Vendor | pom | url | http://www.esapi.org/ | Highest
Vendor | file | name | esapi | High
Vendor | Manifest | Implementation-Vendor | The Open Web Application Security Project (OWASP) | High
Vendor | pom | artifactid | esapi | Low
Vendor | pom | organization name | The Open Web Application Security Project (OWASP) | High
Vendor | pom | organization url | http://www.owasp.org/index.php | Medium
Vendor | pom | groupid | org.owasp.esapi | Highest
Vendor | Manifest | Implementation-Vendor-Id | org.owasp.esapi | Medium
Vendor | Manifest | specification-vendor | The Open Web Application Security Project (OWASP) | Low
Vendor | pom | name | ESAPI | High
Product | file | name | esapi | High
Product | pom | organization url | http://www.owasp.org/index.php | Low
Product | Manifest | Implementation-Title | ESAPI | High
Product | pom | groupid | owasp.esapi | Low
Product | pom | organization name | The Open Web Application Security Project (OWASP) | Low
Product | pom | url | http://www.esapi.org/ | Medium
Product | pom | artifactid | esapi | Highest
Product | Manifest | specification-title | ESAPI | Medium
Product | pom | description | The Enterprise Security API (ESAPI) project is an OWASP project to create simple strong security controls for every web platform. Security controls are not simple to build. You can read about the hundreds of pitfalls for unwary developers on the OWASP website. By providing developers with a set of strong controls, we aim to eliminate some of the complexity of creating secure web applications. This can result in significant cost savings across the SDLC. | Low
Product | pom | name | ESAPI | High
Version | pom | version | 2.0.1 | Highest
Version | Manifest | Implementation-Version | 2.0.1 | High
Version | file | version | 2.0.1 | Highest
Published Vulnerabilities
CVE-2013-5679
Severity: Low CVSS Score: 2.6 (AV:L/AC:H/Au:N/C:P/I:P/A:N) CWE: CWE-310 Cryptographic Issues
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
CVE-2013-5960
Severity: Medium CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) CWE: CWE-310 Cryptographic Issues
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
tomcat-coyote-7.0.0.jar
Description:
Tomcat Connectors and HTTP parser File Path: /Users/Kevin/.m2/repository/org/apache/tomcat/tomcat-coyote/7.0.0/tomcat-coyote-7.0.0.jar
MD5: cd8fcb87a3eb0bd7dec0d1b26722e9e9
SHA1: fb07ea462132c8df498254b1ee4af0c2795251fb
SHA256: 6aa5878498e9da136dd3f8b83a1887b9926f886cbc7ef9237526bf80a23f27da
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | apache.tomcat | Highest
Vendor | pom | artifactid | tomcat-coyote | Low
Vendor | pom | groupid | org.apache.tomcat | Highest
Vendor | pom | description | Tomcat Connectors and HTTP parser | Medium
Vendor | Manifest | Implementation-Vendor | Apache Software Foundation | High
Vendor | file | name | tomcat-coyote | High
Vendor | Manifest | specification-vendor | Apache Software Foundation | Low
Product | Manifest | Implementation-Title | Apache Tomcat | High
Product | pom | description | Tomcat Connectors and HTTP parser | Medium
Product | Manifest | specification-title | Apache Tomcat | Medium
Product | pom | groupid | apache.tomcat | Low
Product | file | name | tomcat-coyote | High
Product | pom | artifactid | tomcat-coyote | Highest
Version | pom | version | 7.0.0 | Highest
Version | Manifest | Implementation-Version | 7.0.0 | High
Version | file | version | 7.0.0 | Highest
cpe: cpe:/a:apache:coyote_http_connector:7.0.0 Confidence: Low
cpe: cpe:/a:apache:tomcat_connectors:7.0.0 Confidence: Low
maven: org.apache.tomcat:tomcat-coyote:7.0.0 Confidence: Highest
cpe: cpe:/a:apache_software_foundation:tomcat:7.0.0 Confidence: Low
cpe: cpe:/a:apache_tomcat:apache_tomcat:7.0.0 Confidence: Low
cpe: cpe:/a:apache:tomcat:7.0.0 Confidence: Highest
Published Vulnerabilities
CVE-2010-2227
Severity: Medium CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P) CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
CVE-2010-3718
Severity: Low CVSS Score: 1.2 (AV:L/AC:H/Au:N/C:N/I:P/A:N)
Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
CVE-2010-4172
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
CVE-2011-0013
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
CVE-2011-0534
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-399 Resource Management Errors
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
CVE-2011-1088
Severity: Medium CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
CVE-2011-1184
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
CVE-2011-1419
Severity: Medium CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
CVE-2011-1475
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-20 Improper Input Validation
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVE-2011-2204
Severity: Low CVSS Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
CVE-2011-2481
Severity: Medium CVSS Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
CVE-2011-2526
Severity: Medium CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-20 Improper Input Validation
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
CVE-2011-2729
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
CVE-2011-3190
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
CVE-2011-3375
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
CVE-2011-3376
Severity: Medium CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
CVE-2011-4858
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-399 Resource Management Errors
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-5062
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
CVE-2011-5063
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-287 Improper Authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
CVE-2011-5064
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-310 Cryptographic Issues
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
CVE-2012-0022
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-189 Numeric Errors
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
CVE-2012-2733
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-20 Improper Input Validation
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
CVE-2012-3544
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-20 Improper Input Validation
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
CVE-2012-3546
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
CVE-2012-4431
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
CVE-2012-4534
Severity: Low CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) CWE: CWE-399 Resource Management Errors
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
CVE-2012-5568
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-16 Configuration
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
CVE-2012-5885
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
CVE-2012-5886
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-287 Improper Authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
CVE-2012-5887
Severity: Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-287 Improper Authentication
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
CVE-2013-0346
Severity: Low CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CVE-2013-2067
Severity: Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-287 Improper Authentication
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
CVE-2013-2071
Severity: Low CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
CVE-2013-2185
Severity: High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-20 Improper Input Validation
** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
CVE-2013-4286
Severity: Medium CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N) CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVE-2013-4322
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CWE: CWE-20 Improper Input Validation
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CVE-2013-4444
Severity: Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CVE-2013-4590
Severity: Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0050
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Vulnerable Software & Versions: (show all )
CVE-2014-0075
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-189 Numeric Errors
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. Vulnerable Software & Versions: (show all )
CVE-2014-0096
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Vulnerable Software & Versions: (show all )
CVE-2014-0099
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) CWE: CWE-189 Numeric Errors
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. Vulnerable Software & Versions: (show all )
CVE-2014-0119
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. Vulnerable Software & Versions: (show all )
CVE-2014-0227
Severity:Medium CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P) CWE: CWE-19 Data Processing Errors
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. Vulnerable Software & Versions: (show all )
CVE-2014-0230
Severity:High CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CWE: CWE-399 Resource Management Errors
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. Vulnerable Software & Versions: (show all )
CVE-2014-7810
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-284 Improper Access Control
The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation. Vulnerable Software & Versions: (show all )
CVE-2015-5174
Severity:Medium CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. Vulnerable Software & Versions: (show all )
CVE-2015-5345
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. Vulnerable Software & Versions: (show all )
CVE-2015-5346
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java. Vulnerable Software & Versions: (show all )
CVE-2015-5351
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-352 Cross-Site Request Forgery (CSRF)
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. Vulnerable Software & Versions: (show all )
CVE-2016-0706
Severity:Medium CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application. Vulnerable Software & Versions: (show all )
CVE-2016-0714
Severity:Medium CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. Vulnerable Software & Versions: (show all )
CVE-2016-0762
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. Vulnerable Software & Versions: (show all )
CVE-2016-0763
Severity:Medium CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) CWE: CWE-264 Permissions, Privileges, and Access Controls
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. Vulnerable Software & Versions: (show all )
CVE-2016-1240
Severity:High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-20 Improper Input Validation
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. Vulnerable Software & Versions: (show all )
CVE-2016-3092
Severity:High CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) CWE: CWE-20 Improper Input Validation
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. Vulnerable Software & Versions: (show all )
CVE-2016-5018
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-254 7PK - Security Features
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. Vulnerable Software & Versions: (show all )
CVE-2016-5388
Severity:Medium CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) CWE: CWE-284 Improper Access Control
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. Vulnerable Software & Versions: (show all )
CVE-2016-5425
Severity:High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. Vulnerable Software & Versions:
CVE-2016-6325
Severity:High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. Vulnerable Software & Versions:
CVE-2016-6794
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. Vulnerable Software & Versions: (show all )
CVE-2016-6796
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-254 7PK - Security Features
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. Vulnerable Software & Versions: (show all )
CVE-2016-6797
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-284 Improper Access Control
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. Vulnerable Software & Versions: (show all )
CVE-2016-6816
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-20 Improper Input Validation
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own. Vulnerable Software & Versions: (show all )
CVE-2016-8735
Severity:High CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) CWE: CWE-284 Improper Access Control
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. Vulnerable Software & Versions: (show all )
CVE-2016-8745
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-388
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions. Vulnerable Software & Versions: (show all )
CVE-2016-9774
Severity:High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory. Vulnerable Software & Versions: (show all )
CVE-2016-9775
Severity:High CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C) CWE: CWE-264 Permissions, Privileges, and Access Controls
The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to gain root privileges via a setgid program in the Catalina directory, as demonstrated by /etc/tomcat8/Catalina/attack. Vulnerable Software & Versions: (show all )
CVE-2017-12615
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Vulnerable Software & Versions: (show all )
CVE-2017-12616
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. Vulnerable Software & Versions: (show all )
CVE-2017-12617
Severity:Medium CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. Vulnerable Software & Versions: (show all )
CVE-2017-5647
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) CWE: CWE-200 Information Exposure
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C. Vulnerable Software & Versions: (show all )
CVE-2017-5648
Severity:Medium CVSS Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) CWE: CWE-284 Improper Access Control
While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. Vulnerable Software & Versions: (show all )
CVE-2017-5664
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) CWE: CWE-254 7PK - Security Features
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. Vulnerable Software & Versions: (show all )
CVE-2017-6056
Severity:Medium CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) CWE: CWE-19 Data Processing Errors
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. Vulnerable Software & Versions:
CVE-2018-1304
Severity:Medium CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) CWE: CWE-254 7PK - Security Features
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. Vulnerable Software & Versions: (show all )
CVE-2018-1305
Severity:Medium CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) CWE: CWE-284 Improper Access Control
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them. Vulnerable Software & Versions: (show all )
spatial4j-0.4.1.jar
Description:
Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's
core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance
calculations and other math, and to read shapes in WKT format.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/com/spatial4j/spatial4j/0.4.1/spatial4j-0.4.1.jar
MD5: 7eafc2e18e82d7a38cb800be2dc9d678
SHA1: 4234d12b1ba4d4b539fb3e29edd948a99539d9eb
SHA256: c467b888bf475495a86a0f4491cb87f80f584e7646cafc7686489f81bce371bc
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | spatial4j | Low
Vendor | manifest | Bundle-Description | Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shapes in WKT format. | Low
Vendor | Manifest | bundle-symbolicname | com.spatial4j | Medium
Vendor | file | name | spatial4j | High
Vendor | pom | organization url | http://locationtech.org | Medium
Vendor | pom | url | spatial4j/spatial4j | Highest
Vendor | pom | groupid | spatial4j | Highest
Vendor | pom | groupid | com.spatial4j | Highest
Vendor | Manifest | bundle-docurl | http://locationtech.org | Low
Vendor | pom | description | Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shapes in WKT format. | Low
Vendor | pom | name | Spatial4J | High
Vendor | pom | organization name | LocationTech | High
Product | Manifest | Bundle-Name | Spatial4J | Medium
Product | manifest | Bundle-Description | Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shapes in WKT format. | Low
Product | Manifest | bundle-symbolicname | com.spatial4j | Medium
Product | pom | organization url | http://locationtech.org | Low
Product | file | name | spatial4j | High
Product | pom | organization name | LocationTech | Low
Product | pom | artifactid | spatial4j | Highest
Product | pom | url | spatial4j/spatial4j | High
Product | Manifest | bundle-docurl | http://locationtech.org | Low
Product | pom | description | Spatial4j is a general purpose spatial / geospatial ASL licensed open-source Java library. It's core capabilities are 3-fold: to provide common geospatially-aware shapes, to provide distance calculations and other math, and to read shapes in WKT format. | Low
Product | pom | groupid | spatial4j | Low
Product | pom | name | Spatial4J | High
Version | file | version | 0.4.1 | Highest
Version | pom | version | 0.4.1 | Highest
maven: com.spatial4j:spatial4j:0.4.1 Confidence: Highest
lucene-spatial-4.10.4.jar
Description:
Spatial Strategies for Apache Lucene
File Path: /Users/Kevin/.m2/repository/org/apache/lucene/lucene-spatial/4.10.4/lucene-spatial-4.10.4.jar
MD5: e78719c0845be3f2ffc0876ba3aefe57
SHA1: 79ac88a4f91125f47a1a8e28fffae9860e7b3ca6
SHA256: 55a5721730d08671c94e80ffb4e1a50dbd2867ea2633aa734eab4166467518a4
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | extension-name | org.apache.lucene | Medium
Vendor | pom | groupid | apache.lucene | Highest
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | parent-groupid | org.apache.lucene | Medium
Vendor | pom | description | Spatial Strategies for Apache Lucene | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Lucene Spatial | High
Vendor | file | name | lucene-spatial | High
Vendor | pom | groupid | org.apache.lucene | Highest
Vendor | pom | artifactid | lucene-spatial | Low
Vendor | pom | parent-artifactid | lucene-parent | Low
Product | Manifest | extension-name | org.apache.lucene | Medium
Product | pom | artifactid | lucene-spatial | Highest
Product | Manifest | specification-title | Lucene Search Engine: spatial | Medium
Product | pom | description | Spatial Strategies for Apache Lucene | Medium
Product | pom | groupid | apache.lucene | Low
Product | pom | name | Lucene Spatial | High
Product | file | name | lucene-spatial | High
Product | Manifest | Implementation-Title | org.apache.lucene | High
Product | pom | parent-groupid | org.apache.lucene | Low
Product | pom | parent-artifactid | lucene-parent | Medium
Version | file | version | 4.10.4 | Highest
Version | pom | version | 4.10.4 | Highest
maven: org.apache.lucene:lucene-spatial:4.10.4 Confidence: Highest
antlr-runtime-3.5.jar
Description:
A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.
File Path: /Users/Kevin/.m2/repository/org/antlr/antlr-runtime/3.5/antlr-runtime-3.5.jar
MD5: aa6d7c8b425df59f5f5bc98c58cfd9fc
SHA1: 0baa82bff19059401e90e1b90020beb9c96305d7
SHA256: 7ef52a4e25ea2472a0ae62ae1d5ccaa7ef23be188289ad225fcb8a452a1b738d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | Implementation-Vendor | ANTLR | High
Vendor | pom | parent-groupid | org.antlr | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.antlr | Medium
Vendor | pom | groupid | antlr | Highest
Vendor | pom | groupid | org.antlr | Highest
Vendor | pom | parent-artifactid | antlr-master | Low
Vendor | pom | description | A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. | Low
Vendor | file | name | antlr-runtime | High
Vendor | pom | name | ANTLR 3 Runtime | High
Vendor | pom | artifactid | antlr-runtime | Low
Vendor | pom | url | http://www.antlr.org | Highest
Product | Manifest | Implementation-Title | ANTLR 3 Runtime | High
Product | pom | artifactid | antlr-runtime | Highest
Product | pom | parent-artifactid | antlr-master | Medium
Product | pom | description | A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions. | Low
Product | pom | url | http://www.antlr.org | Medium
Product | file | name | antlr-runtime | High
Product | pom | name | ANTLR 3 Runtime | High
Product | pom | parent-groupid | org.antlr | Low
Product | pom | groupid | antlr | Low
Version | pom | version | 3.5 | Highest
Version | Manifest | Implementation-Version | 3.5 | High
Version | file | version | 3.5 | Highest
maven: org.antlr:antlr-runtime:3.5 Confidence: Highest
elasticsearch-1.5.2.jar
Description:
Elasticsearch - Open Source, Distributed, RESTful Search Engine
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/elasticsearch/elasticsearch/1.5.2/elasticsearch-1.5.2.jar
MD5: 44ad6d04a4e0697b4c26b819a1162bda
SHA1: 47aafc6bf8f23ed8dcbf6a1db174fb0b8e44a8db
SHA256: fb208793e8c77e2ad129df073b9382492fe2297492abbff1e2c50b96c4226053
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | artifactid | elasticsearch | Low
Vendor | pom | groupid | elasticsearch | Highest
Vendor | pom | name | elasticsearch | High
Vendor | pom | groupid | org.elasticsearch | Highest
Vendor | file | name | elasticsearch | High
Vendor | pom | description | Elasticsearch - Open Source, Distributed, RESTful Search Engine | Medium
Vendor | jar | package name | elasticsearch | Low
Product | pom | name | elasticsearch | High
Product | pom | artifactid | elasticsearch | Highest
Product | pom | groupid | elasticsearch | Low
Product | file | name | elasticsearch | High
Product | pom | description | Elasticsearch - Open Source, Distributed, RESTful Search Engine | Medium
Version | file | version | 1.5.2 | Highest
Version | pom | version | 1.5.2 | Highest
Published Vulnerabilities

CVE-2015-4165
Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.

CVE-2015-5531
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

jempbox-1.8.11.jar
Description:
The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM)
specification. JempBox is a subproject of Apache PDFBox.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/pdfbox/jempbox/1.8.11/jempbox-1.8.11.jar
MD5: ea59dc682cd3ed8ce8fb51e14e4693a4
SHA1: e4a930b874f4012314068550c70187e7857c4bd1
SHA256: b50879b87e1e9287831795d417af39d5587fcb2608b6296b7241fb0738aaaf6d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | org.apache.pdfbox | Highest
Vendor | pom | parent-artifactid | pdfbox-parent | Low
Vendor | file | name | jempbox | High
Vendor | manifest | Bundle-Description | The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. | Low
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | Manifest | bundle-symbolicname | org.apache.pdfbox.jempbox | Medium
Vendor | pom | groupid | apache.pdfbox | Highest
Vendor | Manifest | bundle-docurl | http://pdfbox.apache.org | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache.pdfbox | Medium
Vendor | pom | description | The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. | Low
Vendor | pom | parent-groupid | org.apache.pdfbox | Medium
Vendor | pom | artifactid | jempbox | Low
Vendor | pom | name | Apache JempBox | High
Product | file | name | jempbox | High
Product | Manifest | Implementation-Title | Apache JempBox | High
Product | pom | artifactid | jempbox | Highest
Product | manifest | Bundle-Description | The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. | Low
Product | pom | groupid | apache.pdfbox | Low
Product | pom | parent-artifactid | pdfbox-parent | Medium
Product | Manifest | bundle-symbolicname | org.apache.pdfbox.jempbox | Medium
Product | Manifest | bundle-docurl | http://pdfbox.apache.org | Low
Product | Manifest | Bundle-Name | Apache JempBox | Medium
Product | pom | description | The Apache JempBox library is an open source Java tool that implements Adobe's XMP(TM) specification. JempBox is a subproject of Apache PDFBox. | Low
Product | Manifest | specification-title | Apache JempBox | Medium
Product | pom | parent-groupid | org.apache.pdfbox | Low
Product | pom | name | Apache JempBox | High
Version | Manifest | Implementation-Version | 1.8.11 | High
Version | file | version | 1.8.11 | Highest
Version | pom | version | 1.8.11 | Highest
Published Vulnerabilities

CVE-2016-2175
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.

CVE-2018-8036
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.

xmlschema-core-2.2.1.jar
Description:
Commons XMLSchema is a light weight schema object model that can be used to manipulate or
generate XML schema.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/ws/xmlschema/xmlschema-core/2.2.1/xmlschema-core-2.2.1.jar
MD5: bab3d98961f361b5e66dbcdadaad1ecf
SHA1: 02eff1f3776590d4c51cc735eab2143c497329f2
SHA256: a2c7a43319c213eea338ac0d84cc1aa1dc37cd458886d618703e8bd91bb51993
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-docurl | http://ws.apache.org/xmlschema/ | Low
Vendor | manifest | Bundle-Description | Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. | Low
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | groupid | apache.ws.xmlschema | Highest
Vendor | pom | groupid | org.apache.ws.xmlschema | Highest
Vendor | Manifest | bundle-symbolicname | org.apache.ws.xmlschema.core | Medium
Vendor | pom | parent-artifactid | xmlschema | Low
Vendor | pom | name | XmlSchema Core | High
Vendor | file | name | xmlschema-core | High
Vendor | pom | description | Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. | Low
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | pom | artifactid | xmlschema-core | Low
Vendor | pom | parent-groupid | org.apache.ws.xmlschema | Medium
Product | Manifest | bundle-docurl | http://ws.apache.org/xmlschema/ | Low
Product | pom | name | XmlSchema Core | High
Product | file | name | xmlschema-core | High
Product | pom | parent-artifactid | xmlschema | Medium
Product | pom | description | Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. | Low
Product | manifest | Bundle-Description | Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema. | Low
Product | pom | groupid | apache.ws.xmlschema | Low
Product | pom | artifactid | xmlschema-core | Highest
Product | Manifest | Bundle-Name | XmlSchema Core | Medium
Product | pom | parent-groupid | org.apache.ws.xmlschema | Low
Product | Manifest | bundle-symbolicname | org.apache.ws.xmlschema.core | Medium
Version | file | version | 2.2.1 | Highest
Version | pom | version | 2.2.1 | Highest
maven: org.apache.ws.xmlschema:xmlschema-core:2.2.1 Confidence: Highest
cpe: cpe:/a:ws_project:ws:2.2.1 Confidence: Low

cxf-core-3.1.4.jar
Description:
Apache CXF Core
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/apache/cxf/cxf-core/3.1.4/cxf-core-3.1.4.jar
MD5: 7c2da0224027b70c6a06f96153b3b315
SHA1: 5387c3daecea4e2b4c7bf74c77e81435f381481e
SHA256: b9db76e21ca79793f9f016490ad4cf086148a716a0427e8d9806fb386e2c145b
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | cxf-core | High
Vendor | pom | url | http://cxf.apache.org | Highest
Vendor | pom | parent-artifactid | cxf-parent | Low
Vendor | pom | groupid | org.apache.cxf | Highest
Vendor | Manifest | Implementation-Vendor-Id | org.apache | Medium
Vendor | pom | groupid | apache.cxf | Highest
Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High
Vendor | pom | name | Apache CXF Core | High
Vendor | Manifest | bundle-docurl | http://cxf.apache.org | Low
Vendor | pom | description | Apache CXF Core | Medium
Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low
Vendor | Manifest | bundle-symbolicname | org.apache.cxf.cxf-core | Medium
Vendor | Manifest | export-service | org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/beans",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/parameterized-types",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/security",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://schemas.xmlsoap.org/wsdl/", | Low
Vendor | pom | parent-groupid | org.apache.cxf | Medium
Vendor | pom | artifactid | cxf-core | Low
Vendor | manifest | Bundle-Description | Apache CXF Core | Medium
Product | pom | parent-artifactid | cxf-parent | Medium
Product | file | name | cxf-core | High
Product | Manifest | Bundle-Name | Apache CXF Core | Medium
Product | pom | name | Apache CXF Core | High
Product | Manifest | bundle-docurl | http://cxf.apache.org | Low
Product | pom | description | Apache CXF Core | Medium
Product | pom | url | http://cxf.apache.org | Medium
Product | pom | groupid | apache.cxf | Low
Product | pom | artifactid | cxf-core | Highest
Product | Manifest | bundle-symbolicname | org.apache.cxf.cxf-core | Medium
Product | pom | parent-groupid | org.apache.cxf | Low
Product | Manifest | export-service | org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/blueprint/core",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/beans",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/parameterized-types",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://cxf.apache.org/configuration/security",org.apache.aries.blueprint.NamespaceHandler;osgi.service.blueprint.namespace="http://schemas.xmlsoap.org/wsdl/", | Low
Product | manifest | Bundle-Description | Apache CXF Core | Medium
Version | pom | version | 3.1.4 | Highest
Version | Manifest | Implementation-Version | 3.1.4 | High
Version | file | version | 3.1.4 | Highest
Published Vulnerabilities

CVE-2016-6812
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.

CVE-2016-8739
Severity: High
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
CWE: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.

CVE-2017-12624
Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Processing Errors
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".

CVE-2017-3156
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-361 7PK - Time and State
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

CVE-2017-5653
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-20 Improper Input Validation
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

CVE-2017-5656
Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-384 Session Fixation
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

CVE-2018-8039
Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-254 7PK - Security Features
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.

jboss-jaxrs-api_2.0_spec-1.0.1.Beta1.jar
Description:
JSR 339: JAX-RS 2.0: The Java(TM) API for RESTful Web Services
License:
Common Development and Distribution License: http://repository.jboss.org/licenses/cddl.txt
GNU General Public License, Version 2 with the Classpath Exception: http://repository.jboss.org/licenses/gpl-2.0-ce.txt
File Path: /Users/Kevin/.m2/repository/org/jboss/spec/javax/ws/rs/jboss-jaxrs-api_2.0_spec/1.0.1.Beta1/jboss-jaxrs-api_2.0_spec-1.0.1.Beta1.jar
MD5: b9eaf10c4d4f47c49ee13e7f8db54f0f
SHA1: 66c0832acaba167c2fd7ee4cbaf212347854d57c
SHA256: 1218fa20acae20a0cfb618b452e01c9bf2bfa9cb12fadb308a7a3adbdc45d2b5
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.jboss | Medium
Vendor | Manifest | os-name | Windows 10 | Medium
Vendor | pom | groupid | jboss.spec.javax.ws.rs | Highest
Vendor | pom | description | JSR 339: JAX-RS 2.0: The Java(TM) API for RESTful Web Services | Medium
Vendor | Manifest | bundle-symbolicname | org.jboss.spec.javax.ws.rs.jboss-jaxrs-api_2.0_spec | Medium
Vendor | Manifest (hint) | specification-vendor | sun | Low
Vendor | pom | groupid | org.jboss.spec.javax.ws.rs | Highest
Vendor | Manifest | java-vendor | Oracle Corporation | Medium
Vendor | pom | artifactid | jboss-jaxrs-api_2.0_spec | Low
Vendor | Manifest | bundle-docurl | http://www.jboss.org | Low
Vendor | Manifest | implementation-url | http://www.jboss.org/jboss-jaxrs-api_2.0_spec | Low
Vendor | Manifest | specification-vendor | Oracle | Low
Vendor | pom | parent-artifactid | jboss-parent | Low
Vendor | Manifest | Implementation-Vendor | JBoss by Red Hat | High
Vendor | manifest | Bundle-Description | JSR 339: JAX-RS 2.0: The Java(TM) API for RESTful Web Services | Medium
Vendor | pom | name | JAX-RS 2.0: The Java(TM) API for RESTful Web Services | High
Vendor | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Vendor | Manifest | Implementation-Vendor-Id | org.jboss.spec.javax.ws.rs | Medium
Vendor | file | name | jboss-jaxrs-api_2.0_spec-1.0.1.Beta1 | High
Product | Manifest | Bundle-Name | JAX-RS 2.0: The Java(TM) API for RESTful Web Services | Medium
Product | Manifest | os-name | Windows 10 | Medium
Product | pom | artifactid | jboss-jaxrs-api_2.0_spec | Highest
Product | pom | description | JSR 339: JAX-RS 2.0: The Java(TM) API for RESTful Web Services | Medium
Product | Manifest | bundle-symbolicname | org.jboss.spec.javax.ws.rs.jboss-jaxrs-api_2.0_spec | Medium
Product | Manifest | specification-title | JSR 339: The Java(TM) API for RESTful Web Services | Medium
Product | Manifest | bundle-docurl | http://www.jboss.org | Low
Product | Manifest | Implementation-Title | JAX-RS 2.0: The Java(TM) API for RESTful Web Services | High
Product | Manifest | implementation-url | http://www.jboss.org/jboss-jaxrs-api_2.0_spec | Low
Product | pom | parent-groupid | org.jboss | Low
Product | manifest | Bundle-Description | JSR 339: JAX-RS 2.0: The Java(TM) API for RESTful Web Services | Medium
Product | pom | parent-artifactid | jboss-parent | Medium
Product | pom | name | JAX-RS 2.0: The Java(TM) API for RESTful Web Services | High
Product | pom | groupid | jboss.spec.javax.ws.rs | Low
Product | Manifest | require-capability | osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" | Low
Product | file | name | jboss-jaxrs-api_2.0_spec-1.0.1.Beta1 | High
Version | pom | version | 1.0.1.Beta1 | Highest
Version | Manifest | Implementation-Version | 1.0.1.Beta1 | High
maven: org.jboss.spec.javax.ws.rs:jboss-jaxrs-api_2.0_spec:1.0.1.Beta1 Confidence: Highest

resteasy-jaxrs-services-3.1.1.Final.jar
File Path: /Users/Kevin/.m2/repository/org/jboss/resteasy/resteasy-jaxrs-services/3.1.1.Final/resteasy-jaxrs-services-3.1.1.Final.jar
MD5: 1119eeca48ad4b20f335875c1ae46632
SHA1: 9137bc3f670d573438ec51eb74e9944790001741
SHA256: 7da742585f0c4fd539c93abc1a5d42ab36a7203f4984b83b7ae594c34b30e9d6
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.jboss.resteasy | Medium
Vendor | Manifest | specification-vendor | JBoss by Red Hat | Low
Vendor | pom | groupid | jboss.resteasy | Highest
Vendor | Manifest | java-vendor | Oracle Corporation | Medium
Vendor | Manifest | os-name | Linux | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.jboss.resteasy | Medium
Vendor | pom | parent-artifactid | resteasy-jaxrs-all | Low
Vendor | pom | name | RESTEasy JAX-RS services | High
Vendor | file | name | resteasy-jaxrs-services | High
Vendor | Manifest | Implementation-Vendor | JBoss by Red Hat | High
Vendor | Manifest | implementation-url | http://rest-easy.org/resteasy-jaxrs-services | Low
Vendor | pom | groupid | org.jboss.resteasy | Highest
Vendor | pom | artifactid | resteasy-jaxrs-services | Low
Product | pom | groupid | jboss.resteasy | Low
Product | file | name | resteasy-jaxrs-services | High
Product | Manifest | Implementation-Title | RESTEasy JAX-RS services | High
Product | pom | artifactid | resteasy-jaxrs-services | Highest
Product | Manifest | implementation-url | http://rest-easy.org/resteasy-jaxrs-services | Low
Product | Manifest | os-name | Linux | Medium
Product | pom | parent-groupid | org.jboss.resteasy | Low
Product | Manifest | specification-title | RESTEasy JAX-RS services | Medium
Product | pom | parent-artifactid | resteasy-jaxrs-all | Medium
Product | pom | name | RESTEasy JAX-RS services | High
Version | file | version | 3.1.1 | Highest
Version | pom | version | 3.1.1.Final | Highest
Version | Manifest | Implementation-Version | 3.1.1.Final | High
maven: org.jboss.resteasy:resteasy-jaxrs-services:3.1.1.Final Confidence: Highest

jboss-annotations-api_1.2_spec-1.0.0.Final.jar
Description:
JSR 250: Common Annotations for the Java(TM) Platform
License:
CDDL or GPLv2 with exceptions: https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
File Path: /Users/Kevin/.m2/repository/org/jboss/spec/javax/annotation/jboss-annotations-api_1.2_spec/1.0.0.Final/jboss-annotations-api_1.2_spec-1.0.0.Final.jar
MD5: 5f6032592ce12619333ee3330cdebf08
SHA1: 6d7ff02a645227876ed550900d32d618b8f0d556
SHA256: bb979cac95ef2748bc85d4b8151bef88b9a203d03068fbe799c6e6162c950780
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.jboss | Medium
Vendor | pom | name | Common Annotations 1.2 API | High
Vendor | pom | groupid | org.jboss.spec.javax.annotation | Highest
Vendor | Manifest (hint) | specification-vendor | sun | Low
Vendor | Manifest | java-vendor | Oracle Corporation | Medium
Vendor | Manifest | os-name | Linux | Medium
Vendor | pom | description | JSR 250: Common Annotations for the Java(TM) Platform | Medium
Vendor | pom | groupid | jboss.spec.javax.annotation | Highest
Vendor | Manifest | bundle-docurl | http://www.jboss.org | Low
Vendor | Manifest | bundle-symbolicname | org.jboss.spec.javax.annotation.jboss-annotations-api_1.2_spec | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.jboss.spec.javax.annotation | Medium
Vendor | file | name | jboss-annotations-api_1.2_spec-1.0.0.Final | High
Vendor | Manifest | implementation-url | http://www.jboss.org/jboss-annotations-api_1.2_spec | Low
Vendor | Manifest | specification-vendor | Oracle | Low
Vendor | pom | artifactid | jboss-annotations-api_1.2_spec | Low
Vendor | pom | parent-artifactid | jboss-parent | Low
Vendor | Manifest | Implementation-Vendor | JBoss by Red Hat | High
Vendor | manifest | Bundle-Description | JSR 250: Common Annotations for the Java(TM) Platform | Medium
Vendor | Manifest | build-timestamp | Tue, 8 Oct 2013 15:58:01 -0400 | Low
Product | pom | name | Common Annotations 1.2 API | High
Product | pom | groupid | jboss.spec.javax.annotation | Low
Product | Manifest | Bundle-Name | Common Annotations 1.2 API | Medium
Product | Manifest | os-name | Linux | Medium
Product | pom | description | JSR 250: Common Annotations for the Java(TM) Platform | Medium
Product | Manifest | specification-title | JSR 250: Common Annotations for the Java(TM) Platform | Medium
Product | Manifest | bundle-docurl | http://www.jboss.org | Low
Product | pom | artifactid | jboss-annotations-api_1.2_spec | Highest
Product | Manifest | bundle-symbolicname | org.jboss.spec.javax.annotation.jboss-annotations-api_1.2_spec | Medium
Product | file | name | jboss-annotations-api_1.2_spec-1.0.0.Final | High
Product | Manifest | implementation-url | http://www.jboss.org/jboss-annotations-api_1.2_spec | Low
Product | pom | parent-groupid | org.jboss | Low
Product | Manifest | Implementation-Title | Common Annotations 1.2 API | High
Product | pom | parent-artifactid | jboss-parent | Medium
Product | manifest | Bundle-Description | JSR 250: Common Annotations for the Java(TM) Platform | Medium
Product | Manifest | build-timestamp | Tue, 8 Oct 2013 15:58:01 -0400 | Low
Version | pom | version | 1.0.0.Final | Highest
Version | Manifest | Implementation-Version | 1.0.0.Final | High
maven: org.jboss.spec.javax.annotation:jboss-annotations-api_1.2_spec:1.0.0.Final Confidence: Highest

activation-1.1.1.jar
Description:
The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /Users/Kevin/.m2/repository/javax/activation/activation/1.1.1/activation-1.1.1.jar
MD5: 46a37512971d8eca81c3fcf245bf07d2
SHA1: 485de3a253e23f645037828c07f1d7f1af40763a
SHA256: ae475120e9fcd99b4b00b38329bd61cdc5eb754eee03fe66c01f50e137724f99
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | activation | High
Vendor | Manifest | Implementation-Vendor-Id | com.sun | Medium
Vendor | Manifest | Implementation-Vendor | Sun Microsystems, Inc. | High
Vendor | pom | name | JavaBeans(TM) Activation Framework | High
Vendor | pom | artifactid | activation | Low
Vendor | pom | description | The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data | Medium
Vendor | pom | url | http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp | Highest
Vendor | Manifest | specification-vendor | Sun Microsystems, Inc. | Low
Vendor | Manifest | extension-name | javax.activation | Medium
Vendor | pom | groupid | javax.activation | Highest
Product | file | name | activation | High
Product | pom | name | JavaBeans(TM) Activation Framework | High
Product | pom | description | The JavaBeans(TM) Activation Framework is used by the JavaMail(TM) API to manage MIME data | Medium
Product | pom | groupid | javax.activation | Low
Product | Manifest | specification-title | JavaBeans(TM) Activation Framework Specification | Medium
Product | Manifest | extension-name | javax.activation | Medium
Product | pom | url | http://java.sun.com/javase/technologies/desktop/javabeans/jaf/index.jsp | Medium
Product | pom | artifactid | activation | Highest
Version | pom | version | 1.1.1 | Highest
Version | Manifest | Implementation-Version | 1.1.1 | High
Version | file | version | 1.1.1 | Highest
maven: javax.activation:activation:1.1.1 Confidence: Highest

jcip-annotations-1.0.jar
File Path: /Users/Kevin/.m2/repository/net/jcip/jcip-annotations/1.0/jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
SHA256: be5805392060c71474bf6c9a67a099471274d30b83eef84bfc4e0889a4f1dcc0
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | jar | package name | jcip | Low
Vendor | pom | artifactid | jcip-annotations | Low
Vendor | jar | package name | annotations | Low
Vendor | jar | package name | net | Low
Vendor | pom | name | "Java Concurrency in Practice" book annotations | High
Vendor | pom | groupid | net.jcip | Highest
Vendor | pom | url | http://jcip.net/ | Highest
Vendor | file | name | jcip-annotations | High
Product | pom | url | http://jcip.net/ | Medium
Product | jar | package name | jcip | Low
Product | jar | package name | annotations | Low
Product | pom | groupid | net.jcip | Low
Product | pom | name | "Java Concurrency in Practice" book annotations | High
Product | pom | artifactid | jcip-annotations | Highest
Product | file | name | jcip-annotations | High
Version | file | version | 1.0 | Highest
Version | pom | version | 1.0 | Highest
maven: net.jcip:jcip-annotations:1.0 Confidence: Highest

jboss-logging-3.3.0.Final.jar
Description:
The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/jboss/logging/jboss-logging/3.3.0.Final/jboss-logging-3.3.0.Final.jar
MD5: bc11af4b8ce7138cdc79b7ba8561638c
SHA1: 3616bb87707910296e2c195dc016287080bba5af
SHA256: e0e0595e7f70c464609095aef9e47a8484e05f2f621c0aa5081c18e3db2d498c
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.jboss | Medium
Vendor | pom | groupid | org.jboss.logging | Highest
Vendor | Manifest | specification-vendor | JBoss by Red Hat | Low
Vendor | pom | description | The JBoss Logging Framework | Medium
Vendor | pom | groupid | jboss.logging | Highest
Vendor | manifest | Bundle-Description | The JBoss Logging Framework | Medium
Vendor | Manifest | build-timestamp | Thu, 28 May 2015 09:49:28 -0700 | Low
Vendor | Manifest | java-vendor | Oracle Corporation | Medium
Vendor | Manifest | os-name | Linux | Medium
Vendor | pom | artifactid | jboss-logging | Low
Vendor | pom | name | JBoss Logging 3 | High
Vendor | Manifest | bundle-docurl | http://www.jboss.org | Low
Vendor | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low
Vendor | Manifest | Implementation-Vendor-Id | org.jboss.logging | Medium
Vendor | pom | parent-artifactid | jboss-parent | Low
Vendor | Manifest | Implementation-Vendor | JBoss by Red Hat | High
Vendor | pom | url | http://www.jboss.org | Highest
Vendor | file | name | jboss-logging | High
Vendor | Manifest | bundle-symbolicname | org.jboss.logging.jboss-logging | Medium
Vendor | Manifest | implementation-url | http://www.jboss.org | Low
Product | Manifest | Implementation-Title | JBoss Logging 3 | High
Product | pom | groupid | jboss.logging | Low
Product | pom | description | The JBoss Logging Framework | Medium
Product | Manifest | specification-title | JBoss Logging 3 | Medium
Product | manifest | Bundle-Description | The JBoss Logging Framework | Medium
Product | Manifest | build-timestamp | Thu, 28 May 2015 09:49:28 -0700 | Low
Product | Manifest | os-name | Linux | Medium
Product | pom | name | JBoss Logging 3 | High
Product | Manifest | bundle-docurl | http://www.jboss.org | Low
Product | Manifest | originally-created-by | Apache Maven Bundle Plugin | Low
Product | Manifest | Bundle-Name | JBoss Logging 3 | Medium
Product | pom | artifactid | jboss-logging | Highest
Product | pom | parent-groupid | org.jboss | Low
Product | pom | parent-artifactid | jboss-parent | Medium
Product | file | name | jboss-logging | High
Product | Manifest | bundle-symbolicname | org.jboss.logging.jboss-logging | Medium
Product | Manifest | implementation-url | http://www.jboss.org | Low
Product | pom | url | http://www.jboss.org | Medium
Version | pom | version | 3.3.0.Final | Highest
Version | file | version | 3.3.0 | Highest
Version | Manifest | Implementation-Version | 3.3.0.Final | High
maven: org.jboss.logging:jboss-logging:3.3.0.Final Confidence: Highest

resteasy-jaxrs-3.1.1.Final.jar
File Path: /Users/Kevin/.m2/repository/org/jboss/resteasy/resteasy-jaxrs/3.1.1.Final/resteasy-jaxrs-3.1.1.Final.jar
MD5: 34f453ada08efeabbc2f83b3dae14f7f
SHA1: 8c2d93394dbb42b418be4579a49460883b3d3aef
SHA256: dde3dff1cab60d94cbc7db62683991ffbfb07188c4c7c6397e79975ccbc1033a
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.jboss.resteasy | Medium
Vendor | Manifest | implementation-url | http://rest-easy.org/resteasy-jaxrs | Low
Vendor | pom | artifactid | resteasy-jaxrs | Low
Vendor | Manifest | specification-vendor | JBoss by Red Hat | Low
Vendor | file | name | resteasy-jaxrs | High
Vendor | pom | groupid | jboss.resteasy | Highest
Vendor | Manifest | java-vendor | Oracle Corporation | Medium
Vendor | Manifest | os-name | Linux | Medium
Vendor | Manifest | Implementation-Vendor-Id | org.jboss.resteasy | Medium
Vendor | pom | parent-artifactid | resteasy-jaxrs-all | Low
Vendor | pom | name | RESTEasy JAX-RS Implementation | High
Vendor | Manifest | Implementation-Vendor | JBoss by Red Hat | High
Vendor | pom | groupid | org.jboss.resteasy | Highest
Product | pom | groupid | jboss.resteasy | Low
Product | Manifest | specification-title | RESTEasy JAX-RS Implementation | Medium
Product | Manifest | implementation-url | http://rest-easy.org/resteasy-jaxrs | Low
Product | pom | name | RESTEasy JAX-RS Implementation | High
Product | file | name | resteasy-jaxrs | High
Product | Manifest | Implementation-Title | RESTEasy JAX-RS Implementation | High
Product | pom | artifactid | resteasy-jaxrs | Highest
Product | Manifest | os-name | Linux | Medium
Product | pom | parent-groupid | org.jboss.resteasy | Low
Product | pom | parent-artifactid | resteasy-jaxrs-all | Medium
Version | file | version | 3.1.1 | Highest
Version | pom | version | 3.1.1.Final | Highest
Version | Manifest | Implementation-Version | 3.1.1.Final | High
maven: org.jboss.resteasy:resteasy-jaxrs:3.1.1.Final Confidence: Highest

jna-4.0.0.jar: jnidispatch.dll
File Path: /Users/Kevin/.m2/repository/net/java/dev/jna/jna/4.0.0/jna-4.0.0.jar/com/sun/jna/win32-x86/jnidispatch.dll
MD5: cc120b15f4fcdafe80c495c5c648319f
SHA1: 75aad2852aab97bf068c71c10e60b1c96bcadc1c
SHA256: aac8facb9f50ef401a610eb40232f324ae8cc59671c48298742bf0fec3b8967f
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jnidispatch | High
Product | file | name | jnidispatch | High

jna-4.0.0.jar: jnidispatch.dll
File Path: /Users/Kevin/.m2/repository/net/java/dev/jna/jna/4.0.0/jna-4.0.0.jar/com/sun/jna/w32ce-arm/jnidispatch.dll
MD5: 57697cbdd321ae7d06f5da04e821f908
SHA1: 67167f2b2fce8db5f9f64a372b0da54730d3ee51
SHA256: 361e173e6e50cb1bf8b7fab38c1ff99686ea819e58ee30348e7756cb0418a9f6
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jnidispatch | High
Product | file | name | jnidispatch | High

jna-4.0.0.jar: jnidispatch.dll
File Path: /Users/Kevin/.m2/repository/net/java/dev/jna/jna/4.0.0/jna-4.0.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dll
MD5: 06b2f1f909d2436dff20d7a668ef26a9
SHA1: bd1bdda9a91f3b0d9067e323f7394bef933f81f6
SHA256: e7864cb5509990ccf3f3d8a2ad1eaf41491ebb82df35408ee79957385d8355b3
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jnidispatch | High
Product | file | name | jnidispatch | High

jansi-1.11.jar: jansi.dll
File Path: /Users/Kevin/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/native/windows32/jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a
SHA256: 0f59ff32a7c70e00a580d893de42ffaf48d0242b4d6251792666919b10ac3cd4
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jansi | High
Product | file | name | jansi | High
Related Dependencies
jline-2.13.jar: jansi.dll
File Path: /Users/Kevin/.m2/repository/jline/jline/2.13/jline-2.13.jar/META-INF/native/windows32/jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a
SHA256: 0f59ff32a7c70e00a580d893de42ffaf48d0242b4d6251792666919b10ac3cd4

jansi-1.11.jar: jansi.dll
File Path: /Users/Kevin/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/native/windows64/jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb
SHA256: c33505a7c1fb847c03329a4f0e4b3c5cebac3a3604133d797d09172de25e3978
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | file | name | jansi | High
Product | file | name | jansi | High
Related Dependencies
jline-2.13.jar: jansi.dll
File Path: /Users/Kevin/.m2/repository/jline/jline/2.13/jline-2.13.jar/META-INF/native/windows64/jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb
SHA256: c33505a7c1fb847c03329a4f0e4b3c5cebac3a3604133d797d09172de25e3978

plexus-utils-1.5.4.jar (shaded: org.codehaus.plexus:plexus-interpolation:1.0)
File Path: /Users/Kevin/.m2/repository/org/codehaus/plexus/plexus-utils/1.5.4/plexus-utils-1.5.4.jar/META-INF/maven/org.codehaus.plexus/plexus-interpolation/pom.xml
MD5: 61795135733295c9aa438fda7b923db8
SHA1: 1074eabfbcbfb0decfe6f9ed0541668e114b9311
SHA256: 0749c012cf2271d466eb9aef9acc2e84c38a2a94d545e7108fd15302b21a1b82
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-groupid | org.codehaus.plexus | Medium
Vendor | pom | artifactid | plexus-interpolation | Low
Vendor | pom | name | Plexus Interpolation API | High
Vendor | pom | parent-artifactid | plexus | Low
Vendor | pom | groupid | codehaus.plexus | Highest
Product | pom | parent-artifactid | plexus | Medium
Product | pom | groupid | codehaus.plexus | Low
Product | pom | parent-groupid | org.codehaus.plexus | Low
Product | pom | name | Plexus Interpolation API | High
Product | pom | artifactid | plexus-interpolation | Highest
Version | pom | version | 1.0 | Highest
Version | pom | parent-version | 1.0 | Low
maven: org.codehaus.plexus:plexus-interpolation:1.0 Confidence: High

netty-common-4.1.8.Final.jar (shaded: org.jctools:jctools-core:1.2.1)
Description:
Java Concurrency Tools Core Library
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/io/netty/netty-common/4.1.8.Final/netty-common-4.1.8.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: b104e807eab8c5ec728e4440814b4e86
SHA1: 890d905133422e4be5df7cffa81e7dd9c5336d7e
SHA256: 12444dc7be1ea1e1b5361f4bb9fb9ae04197b64846c3ce915b363cfafbcdf8d9
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | description | Java Concurrency Tools Core Library | Medium
Vendor | pom | groupid | jctools | Highest
Vendor | pom | url | JCTools | Highest
Vendor | pom | artifactid | jctools-core | Low
Vendor | pom | name | Java Concurrency Tools Core Library | High
Product | pom | description | Java Concurrency Tools Core Library | Medium
Product | pom | artifactid | jctools-core | Highest
Product | pom | groupid | jctools | Low
Product | pom | name | Java Concurrency Tools Core Library | High
Product | pom | url | JCTools | High
Version | pom | version | 1.2.1 | Highest
maven: org.jctools:jctools-core:1.2.1 Confidence: High

jansi-1.11.jar (shaded: org.fusesource.hawtjni:hawtjni-runtime:1.8)
Description:
The API that projects using HawtJNI should build against.
File Path: /Users/Kevin/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.hawtjni/hawtjni-runtime/pom.xml
MD5: 9343dc158b5894310f26732ebb2b73ee
SHA1: 14df4655274e472909050661f8e9ed98a28b6721
SHA256: 13ecedc2275242731df0cb4b491cb79cacb36f945ff402677b56680d7321a15f
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | HawtJNI Runtime | High
Vendor | pom | artifactid | hawtjni-runtime | Low
Vendor | pom | description | The API that projects using HawtJNI should build against. | Medium
Vendor | pom | parent-artifactid | hawtjni-project | Low
Vendor | pom | parent-groupid | org.fusesource.hawtjni | Medium
Vendor | pom | groupid | fusesource.hawtjni | Highest
Product | pom | parent-artifactid | hawtjni-project | Medium
Product | pom | name | HawtJNI Runtime | High
Product | pom | artifactid | hawtjni-runtime | Highest
Product | pom | description | The API that projects using HawtJNI should build against. | Medium
Product | pom | groupid | fusesource.hawtjni | Low
Product | pom | parent-groupid | org.fusesource.hawtjni | Low
Version | pom | version | 1.8 | Highest
maven: org.fusesource.hawtjni:hawtjni-runtime:1.8 Confidence: High

jansi-1.11.jar (shaded: org.fusesource.jansi:jansi-native:1.5)
Description:
Jansi is a java library for generating and interpreting ANSI escape sequences.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi-native/pom.xml
MD5: 1bbb551ce034727cd799619954437ab5
SHA1: 0177ae5fbf3b24c3e9adb94d98e29213259a8bc6
SHA256: e6fd759cbf831b6df571733eb38cfbee690d52c2e205248a76690efd24c8e036
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | groupid | fusesource.jansi | Highest
Vendor | pom | description | Jansi is a java library for generating and interpreting ANSI escape sequences. | Medium
Vendor | pom | parent-groupid | org.fusesource | Medium
Vendor | pom | url | http://${forge-project-id}.fusesource.org | Highest
Vendor | pom | artifactid | jansi-native | Low
Vendor | pom | name | ${project.artifactId} | High
Vendor | pom | parent-artifactid | fusesource-pom | Low
Product | pom | artifactid | jansi-native | Highest
Product | pom | description | Jansi is a java library for generating and interpreting ANSI escape sequences. | Medium
Product | pom | parent-groupid | org.fusesource | Low
Product | pom | groupid | fusesource.jansi | Low
Product | pom | name | ${project.artifactId} | High
Product | pom | parent-artifactid | fusesource-pom | Medium
Product | pom | url | http://${forge-project-id}.fusesource.org | Medium
Version | pom | parent-version | 1.5 | Low
Version | pom | version | 1.5 | Highest
cpe: cpe:/a:id:id-software:1.5 Confidence: Low
maven: org.fusesource.jansi:jansi-native:1.5 Confidence: High

jansi-1.11.jar (shaded: org.fusesource.jansi:jansi:1.11)
Description:
Jansi is a java library for generating and interpreting ANSI escape sequences.
File Path: /Users/Kevin/.m2/repository/org/fusesource/jansi/jansi/1.11/jansi-1.11.jar/META-INF/maven/org.fusesource.jansi/jansi/pom.xml
MD5: 18c6eba91ac7aa1a27324b482dca06d5
SHA1: 3aea48c5e47064eec9903f4a14e5acee8fe345d8
SHA256: fba16891bde4264829c63dcddbed8832b14537caeb25d10a90ee0fba934a552d
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | parent-artifactid | jansi-project | Low
Vendor | pom | groupid | fusesource.jansi | Highest
Vendor | pom | description | Jansi is a java library for generating and interpreting ANSI escape sequences. | Medium
Vendor | pom | artifactid | jansi | Low
Vendor | pom | name | ${project.artifactId} | High
Vendor | pom | parent-groupid | org.fusesource.jansi | Medium
Product | pom | parent-groupid | org.fusesource.jansi | Low
Product | pom | description | Jansi is a java library for generating and interpreting ANSI escape sequences. | Medium
Product | pom | parent-artifactid | jansi-project | Medium
Product | pom | groupid | fusesource.jansi | Low
Product | pom | name | ${project.artifactId} | High
Product | pom | artifactid | jansi | Highest
Version | pom | version | 1.11 | Highest
maven: org.fusesource.jansi:jansi:1.11 Confidence: High
cpe: cpe:/a:id:id-software:1.11 Confidence: Low

htrace-core-3.2.0-incubating.jar (shaded: commons-logging:commons-logging:1.1.1)
Description:
Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems.
File Path: /Users/Kevin/.m2/repository/org/apache/htrace/htrace-core/3.2.0-incubating/htrace-core-3.2.0-incubating.jar/META-INF/maven/commons-logging/commons-logging/pom.xml
MD5: 976d812430b8246deeaf2ea54610f263
SHA1: 76672afb562b9e903674ad3a544cdf2092f1faa3
SHA256: d0f2e16d054e8bb97add9ca26525eb2346f692809fcd2a28787da8ceb3c35ee8
Referenced In Project/Scope: trial:compile
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | url | http://commons.apache.org/logging | Highest
Vendor | pom | groupid | commons-logging | Highest
Vendor | pom | description | Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. | Low
Vendor | pom | artifactid | commons-logging | Low
Vendor | pom | parent-artifactid | commons-parent | Low
Vendor | pom | parent-groupid | org.apache.commons | Medium
Vendor | pom | name | Commons Logging | High
Product | pom | parent-groupid | org.apache.commons | Low
Product | pom | parent-artifactid | commons-parent | Medium
Product | pom | description | Commons Logging is a thin adapter allowing configurable bridging to other, well known logging systems. | Low
Product | pom | url | http://commons.apache.org/logging | Medium
Product | pom | artifactid | commons-logging | Highest
Product | pom | groupid | commons-logging | Low
Product | pom | name | Commons Logging | High
Version | pom | version | 1.1.1 | Highest
Version | pom | parent-version | 1.1.1 | Low
maven: commons-logging:commons-logging:1.1.1 Confidence: High

Suppressed Vulnerabilities

stax-api-1.0.1.jar
Description:
StAX API is the standard java XML processing API defined by JSR-173
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/stax/stax-api/1.0.1/stax-api-1.0.1.jar
MD5: 7d436a53c64490bee564c576babb36b4
SHA1: 49c100caf72d658aca8e58bd74a4ba90fa2b0d70
Evidence
Type | Source | Name | Value | Confidence
Vendor | pom | name | StAX API | High
Vendor | Manifest | specification-vendor | JCP-173 | Low
Vendor | file | name | stax-api | High
Vendor | pom | artifactid | stax-api | Low
Vendor | pom | url | http://stax.codehaus.org/ | Highest
Vendor | pom | groupid | stax | Highest
Vendor | Manifest | Implementation-Vendor | JCP | High
Vendor | pom | description | StAX API is the standard java XML processing API defined by JSR-173 | Medium
Product | Manifest | specification-title | StAX | Medium
Product | pom | name | StAX API | High
Product | pom | groupid | stax | Low
Product | file | name | stax-api | High
Product | pom | url | http://stax.codehaus.org/ | Medium
Product | pom | artifactid | stax-api | Highest
Product | Manifest | Implementation-Title | StAX 1.0 API | High
Product | pom | description | StAX API is the standard java XML processing API defined by JSR-173 | Medium
Version | file | version | 1.0.1 | Highest
Version | pom | version | 1.0.1 | Highest
Version | Manifest | Implementation-Version | 1.0.1 | High
cpe: cpe:/a:st_project:st:1.0.1 (suppressed) Confidence: Low
Suppressed Vulnerabilities
CVE-2017-16224 (suppressed)
Severity: Medium
CVSS Score: 5.8
CWE: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers treat as a proper redirect as // is translated into the current schema being used. Mitigating factor: In order for this to work, st must be serving from the root of a server (/) rather than the typical sub directory (/static/) and the redirect URL will end with some form of URL encoded .. ("%2e%2e", "%2e.", ".%2e").
Vulnerable Software & Versions:

zip4j-1.3.2.jar
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Users/Kevin/.m2/repository/net/lingala/zip4j/zip4j/1.3.2/zip4j-1.3.2.jar
MD5: 67577b0541256ea89d15e0edb6d2a7b8
SHA1: 4ba84e98ee017b74cb52f45962f929a221f3074c
Evidence
Type | Source | Name | Value | Confidence
Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.4 | Low
Vendor | file | name | zip4j | High
Vendor | Manifest | bundle-symbolicname | net.lingala.zip4j | Medium
Vendor | pom | groupid | net.lingala.zip4j | Highest
Vendor | pom | artifactid | zip4j | Low
Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.4 | Low
Product | pom | artifactid | zip4j | Highest
Product | pom | groupid | net.lingala.zip4j | Low
Product | Manifest | Bundle-Name | Zip4j | Medium
Product | file | name | zip4j | High
Product | Manifest | bundle-symbolicname | net.lingala.zip4j | Medium
Version | pom | version | 1.3.2 | Highest
Version | file | version | 1.3.2 | Highest
cpe: cpe:/a:zip_project:zip:1.3.2 (suppressed) Confidence: Low
Suppressed Vulnerabilities
CVE-2018-13684 (suppressed)
Severity: Medium
CVSS Score: 5.0
CWE: CWE-190 Integer Overflow or Wraparound
The mintToken function of a smart contract implementation for ZIP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
Vulnerable Software & Versions: